
Is a PE file Malware or Not Malware?
Hotdog or Not Hotdog?

Attempt to use the machine learning workflow to process and transform sampled PE file data to create a prediction model. Using the generated data, predict with 65% accuracy which PE files are likely to be classified as malware.
http://resources.infosecinstitute.com/machine-learning-malware-detection/
https://app.pluralsight.com/library/courses/python-understanding-machine-learning/exercise-files
Based off of the research "Selecting Features to Classify Malware", we are interested in extracting the following fields of a PE File:
Major Image Version: Used to indicate the major version number of the application; in Microsoft Excel version 4.0, it would be 4.
Virtual Address and Size of the IMAGE_DATA_DIRECTORY
OS Version (may not give much)
Import Address Table Address
Resources Size
Number Of Sections (we should look into section names)
Linker Version (may not give much)
Size of Stack Reserve
DLL Characteristics
Export Table Size and Address
Address of Entry Point
Image Base
Number Of Import DLL
Number Of Import Functions
Number Of Sections
Included in the dataset but not used:
DLL name and Imported Symbols (we might be able to create a weighted score to use with this info?)
filename
Stuff to include: DebugSize DebugRVA ImageVersion OperatingSystemVersion SizeOfStackReserve LinkerVersion DllCharacteristics IatRVA ExportSize ExportRVA ExportNameLen ResourceSize ExportFunctionsCount
Pandas - provided data frames
matplotlib.pyplot - plotting support
import os
import pefile
import pprint as pp
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import re
import csv
import glob
import magic
import hashlib
import sys
import struct
import peutils
from sklearn import model_selection
from sklearn.metrics import classification_report
from sklearn.metrics import confusion_matrix
from sklearn.metrics import accuracy_score
from sklearn.linear_model import LogisticRegression
from sklearn.tree import DecisionTreeClassifier
from sklearn.neighbors import KNeighborsClassifier
from sklearn.discriminant_analysis import LinearDiscriminantAnalysis
from sklearn.naive_bayes import GaussianNB
from sklearn.svm import SVC
To make our code more organized let’s start by creating a class that represents the PE File information as one object. We are using the python module pefile which is a multi-platform Python module to parse and work with Portable Executable (aka PE) files. https://github.com/erocarrera/pefile
def sha256_checksum(filename, block_size=65536):
    """Return the hexadecimal SHA-256 digest of the file at *filename*.

    The file is opened in binary mode and read *block_size* bytes at a time,
    so a large sample is never loaded into memory in one piece.
    """
    digest = hashlib.sha256()
    with open(filename, 'rb') as handle:
        while True:
            chunk = handle.read(block_size)
            if chunk == b'':
                # read() returns empty bytes only at end of file.
                break
            digest.update(chunk)
    return digest.hexdigest()
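class PEFile:
    """
    Feature record for a single PE file.

    The constructor parses *filename* with pefile and copies the header
    fields of interest onto the instance. ``Construct`` returns those fields
    as a plain dictionary, i.e. one dataset row per sample.

    The input is untrusted (the corpus contains malware), so name fields are
    decoded leniently and a failure while walking the import table or the
    section table is reported with the file name instead of being swallowed
    silently. Every instance ends up with the same set of attributes, so the
    rows built from them have the same keys.
    """
    # look to add PEid signatures to detect packers
    # https://github.com/erocarrera/pefile/blob/wiki/PEiDSignatures.md
    # signatures = peutils.SignatureDatabase('./userdb.txt')

    @staticmethod
    def _to_text(raw):
        """Decode a raw PE name field (bytes) to str without raising.

        DLL, symbol and section names are raw bytes taken from the file and
        need not be valid UTF-8; invalid bytes become U+FFFD instead of
        aborting the extraction of the whole sample.
        """
        return raw.decode("utf-8", errors="replace")

    def __init__(self, filename):
        """Parse *filename* and store the selected header fields.

        Errors raised by ``pefile.PE`` itself, or by the header reads below,
        propagate to the caller.
        """
        self.pe = pefile.PE(filename, fast_load=True)
        # NOTE(review): the parsed object stays referenced for the lifetime of
        # the instance; presumably that keeps the underlying file mapping
        # open. Confirm, and consider self.pe.close() when processing many
        # samples.
        self.filename = filename

        # Data-directory indices: 0 = export, 2 = resource, 6 = debug, 12 = IAT.
        # NOTE(review): a file that declares fewer data directories would
        # presumably raise IndexError here - verify against pefile.
        self.DebugSize = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[6].Size
        self.DebugRVA = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[6].VirtualAddress
        self.ImageVersion = self.pe.OPTIONAL_HEADER.MajorImageVersion
        self.OSVersion = self.pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
        self.ExportRVA = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[0].VirtualAddress
        self.ExportSize = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[0].Size
        self.IATRVA = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[12].VirtualAddress
        self.ResSize = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[2].Size
        self.LinkerVersion = self.pe.OPTIONAL_HEADER.MajorLinkerVersion
        # Header value; replaced below by the number of sections actually parsed.
        self.NumberOfSections = self.pe.FILE_HEADER.NumberOfSections
        self.StackReserveSize = self.pe.OPTIONAL_HEADER.SizeOfStackReserve
        self.Dll = self.pe.OPTIONAL_HEADER.DllCharacteristics
        self.AddressOfEntryPoint = self.pe.OPTIONAL_HEADER.AddressOfEntryPoint
        self.ImageBase = self.pe.OPTIONAL_HEADER.ImageBase

        # If the PE file was loaded using the fast_load=True argument, we will
        # need to parse the data directories:
        self.pe.parse_data_directories()

        # One pass over the import table collects everything the original two
        # passes did; the directory is already parsed, so it is not re-parsed.
        imported_dll = {}
        number_dll = 0
        number_import_functions = 0
        import_function = []
        try:
            # A file without imports has no DIRECTORY_ENTRY_IMPORT attribute;
            # that is a valid (if unusual) PE, not an error.
            for entry in getattr(self.pe, "DIRECTORY_ENTRY_IMPORT", []):
                if entry is None:
                    continue
                number_dll += 1
                for imp in entry.imports:
                    # Imports by ordinal have no name.
                    if imp.name is not None:
                        # NOTE(review): one value per DLL, so only the last
                        # named import of each DLL is kept. Left as is because
                        # changing the value type would change the dataset
                        # shape.
                        imported_dll[self._to_text(entry.dll)] = self._to_text(imp.name)
                    if imp.name:
                        number_import_functions += 1
                        import_function.append(self._to_text(imp.name))
        except Exception as exc:
            # Best effort: keep what was collected, but say which sample
            # failed and why.
            print("[-] import table parsing failed for " + str(filename) + ": " + repr(exc))
        self.ImportedDLL = imported_dll
        self.NumberOfImportDLL = number_dll

        section_names = {}
        number_sections = 0
        try:
            for section in self.pe.sections:
                number_sections += 1
                section_names[self._to_text(section.Name)] = section.SizeOfRawData
        except Exception as exc:
            print("[-] section table parsing failed for " + str(filename) + ": " + repr(exc))
        else:
            self.NumberOfSections = number_sections
        # Always set, so a failing sample does not produce a row with a
        # missing key.
        self.SectionNames = section_names

        self.NumberOfImportFunctions = number_import_functions
        self.ImportedFunctions = import_function

    def Construct(self):
        """Return the extracted features as a dict, without the pefile object."""
        return {attr: value for attr, value in self.__dict__.items() if attr != "pe"}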
Now we move on to write a small function that constructs a dictionary for each PE file; each sample is thus represented as a Python dictionary where the keys are the features and the values are the parsed fields.
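def pe2vec(directory):
    """
    Walk *directory* recursively and build one feature dictionary per PE file.

    Returns a dictionary of dictionaries in the format:
        file name : features returned by PEFile.Construct()
    The key is the bare file name, so two files with the same name in
    different sub-directories overwrite each other.

    WARNING: this function is destructive. Every file that libmagic does not
    describe as a PE file is deleted from disk. Only point it at a directory
    that holds nothing but the sample corpus.

    Exceptions raised while parsing a sample are not handled here; they
    propagate to the caller and stop the walk.
    """
    dataset = {}
    #directory = "./data/"
    print("")
    print("[*] Extracting the PE file data: ")
    print("")
    for subdir, dirs, files in os.walk(directory):
        for f in files:
            file_path = os.path.join(subdir, f)
            # Ask libmagic once and reuse the description for the message below.
            file_type = magic.from_file(file_path)
            if file_type.startswith("PE"):
                print("[+] "+file_path)
                dataset[str(f)] = PEFile(file_path).Construct()
            else:
                print()
                print("[-] File not PE: "+file_path+" \n=>\t "+file_type)
                print()
                print("Removing file.")
                os.remove(file_path)
    return dataset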
Print out the dataset for the Malware and Clean Samples
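# Rename every sample under ./data/malware/ to the value returned by
# sha256_checksum() for it (presumably the hex SHA-256 of the file's
# content; the helper is defined elsewhere), so samples are identified by
# hash rather than by their original name.
for subdir, _dirs, files in os.walk("./data/malware/"):
    for f in files:
        print(f)
        # Build the path from the directory os.walk is currently visiting;
        # a fixed "./data/malware/" prefix does not exist for nested files.
        sample_path = os.path.join(subdir, f)
        # NOTE(review): two samples with identical content map to the same
        # target name; os.rename replaces the earlier one on POSIX and
        # raises on Windows.
        os.rename(sample_path, os.path.join(subdir, sha256_checksum(sample_path)))
print("Done Renaming files to sha256")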
e4ec5e2d8509a7c60597f08674b6341324befafa910aa5637c473149b0a298cd da0a0ab047599de47b204359f9ffe81b307025ff53c233efeac32d4841a2ad60 638d8b4c817622aa1020c2e89d068d43fe8efaed37339ee2fd5713579c2041eb c1b3329113be9495c5d52ac198521196abd95e10b43a0c7090aa192d66b89bab e8162f1766459e6ef57b0063938da6cab886743ee5c5669233424855c8098f8f 7c77aad390fde87d0b8a8a4c3a2d5e2c15d890189003312f75a8a444ad47fa40 90355b0723ab41d99642fa4bad2ee77ed1cb2a92cb2c1fe45c2f3869727df08c b6315a036afd83d623ee31d4f6d9983237f7d7628a9c85faaf3fef76a818ac63 473bc48119ba2883b34c83d240085957470e473ec6047cea082be3186dd954f6 084ae81e93031857b6c804af1df2da7c4e055d58caadf727fae67d3530c2bb7f 3c212affc4e21d5ebd1e4376aca98577cd44f9436e7ec3abbea5f14edb5aab1a 47fd3cbebe85ff92a7c7939c289361822c45c1c1c0887cbcbf7478b45244b1bc 2a44cc2b8cd5e04c31b640a2d7e6cfbe27ddfcc614b445268a94d18756678af0 f307939244103caadc4a73c86667ec6e601fa082b56a734b723fc7edcdb9b4a6 321fc8782390b7e99a8cc946a299fe8bcb4f0a2569ea2541ae1c8e1b0659a37c ec3f778fe07bf5f3fcced76b5445c2757dbcf38c90d486f8280616f54689f655 2b17b1def146ff2d023c383784bae55ba613124af3df33cbb7dd8eeb1f830f54 365bc4420db612e21f2c0a17ec94d224037fa69e878c3a6880b59060950ff2a3 f0323b7e2e721504a0c4539cc02dd471fd5615bb0a913aa4bd0c105dffa22dab 4e5ea8c3edd23c80f3b4bfe53d129529f492f5b3859b4b9835d8dab8f1b37941 844e86dbaf12dcb82fc0129e9f7c8e59889f5548120a6f1824c4c2de139c4c23 5d0f268e678a5c5cdb08e1c78907d667f4a4ea039cbbd0b4c58789f4f197b737 f1c8f2a783fc891800db4054c1096b77f3908a7db2cdf255d36a6731d96a09de f278cb2e5c34a75a2f5e57ffb4c8a9a52bc8abad537a61f481730be0c0b13d40 a39ef11b53db39a1c4e81071a0676688706f17ca3667a98c065560a4612e804a cbc8c15a7c0237d403ef0b4caa6f3e7c8df61a8bdc34b03c155055cb267768ec 3603f67a6606e7fc32c06519e2afeed15289bd160cfd48d37487bc5f8aaf513c 32cf4fe1bf38926e63376417b3f8ce2d2c591fd3539839892708b11807ebac23 1af7a96895ba3064b40323b07f79fe279c9db72a71ea43b321e480f03073b01d 22cde70dee00d2f5071739d89658114e0cadf7f7fbf742e7b60931625f88df78 
00a02d154e7389d3a5fe572e9800f1628e74b8aabe4270f3282a8c0ab0951ff9 cab869f98ba3fe1948d2b48fa76fa4767fa7f31e28f3be2b34572ab0c63f942a 48b2050373ad48fa2848943c04e8b60c2fc5ad9c3f4c7bfd46b8c0ca09269312 2631aafa045b1953c09502c92f520acecfd0b17a6f059a2e7f10ce77dd3c632e 72a1639c4d0c53e0d73610a6af4277ce6cfa751aefa5eb1b6a121f090d599721 c4f1d59feb1a131b6fd99fb352ebd8f039a33524703bc5ecb68b1521f5b32097 652cac5fedbc07221da48a735868fb33b55e11496c2d31816c99b1d8a8d86a39 40377c131bbeeddc46eb0f025f77b4693be80aa271cb0978a392f5b31532ed6c 67085c902c65567e81845fa9d162bff568bdcd59df67bfe1dd90dd6bf8ea0ba5 46f0980e21c9995bd5357a4ca872c3d3ee965d3942d99c982270b85f382b3905 0ed3b1449a469849f451de56d6ff1d23f27adffdafb5698c3bcb4c3e6ddc2594 e9b355846580911b7cc8507f1c698fb0811eb0b6d0ea61f21305e47c375aa8ae 6647101d7f42fd62225439f1065f0214acfffb3adb2f152cd4aab4539ad5f10d 75a2b1e6231ff9b7dcdb8069aabb0f6c84d9db620714f52f24c1be3c409b9e68 8120f39e256c0869fa09e0569430b23a27ce59c37e1d7bd54b17f06ed0292fe7 a8d16e74db0f5a450c32a2f67394b6456ee1a415ba4a1c4a76735a9d9fb53f74 00dbc9c0db2020a47a7833740b12141c6c865510f67eb5b88d6d5f0a7a833268 47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84 5c1ff70e2603b10fbced58f7af99fee9ec7cbba62979ec3a0857aee7c682a45b 3f65fc632a0189985f0818a04853cb775ee86b280dc9ae2edf56a6d576dde59b 97b39ac28794a7610ed83ad65e28c605397ea7be878109c35228c126d43e2f46 0b67d8fc01b7855cb117bd01bf8a66d5f799a72efe225305921356b14790b42d 46bc4c8119718c81909742d4faf14a9e38cda9925a2943ba36ce94362fa20a2a 0d2b7269bfa06c7ee80b4da2c522b14799f947e96ca880e4f3d0b35f6cb1ec32 1f56d5e7a22c2b767b000100d80dacc0f63a7a4a5039c67b015d205c8aa5c0e4 8d235cf40112e6b419fa1437913bc903f9a90b17a24ec4872ff17f469b1a8589 4bdf030e2a349281208f8913ebd504a14b7245f5490b6dcec6037dbd0e6a6983 c53af157120ddec348df431992662028c761b5b398989ee0f98694979d82980c 7e6a30dd68215546a890b21ef57bad0fb15a6b7ac64e3400c265c0e0f6ffa70b b382d2387250fcf4d3ad86324e48ccf0288ce78d439ed06acbdcade44997f3d2 
6d475b148222e98a20f165c4868e212788247a4f8e0028afaf5f128c4d0aa715 7116d03a7d857b18fd970c1e3dabfc953188e64269640eb757b3e7fc1e50c4cd 7e701144072b13f33270aeed3ea9eeeb2823840bb36286146c73d86df9221d1e a46f94a4d86c8f9c97f2b1e283515f27a0bb3c849977aa05007eab525f4cf036 a8b2cd0b25847b92220f60786ebeead8e47df8fdf737d0676a82335445bf7d62 aeaa2be9d0f3793ef20f834c039d57cf9d9fc5f68e5e4cc470d93f954a102bc3 18f36aac41ad4aaa1a6b2d475ac41720a081c3debf2df2c7f049394770264925 bfcc7f99c4e6087f216494fe50b5c4169c2ec3126573a81e26154c500a979e5f 34a84a55a2d3eca30055460dd6b44da61373131de769bdd548f9fb6b940433c6 26f6e0023895a06223a91363d56e71f3e23b2ee59809a08d8838b994a1a8c90c c3c47f5b2983a580985735b0fa32d966c1925f248bb97ec6638209d2543b4cb3 4db151037e5548c12cb6faa218e9a6adec7330ae96418bbd15c8d912f544fc73 16aa94d26d21f07a7bad5cb9bb027229aed63bd5e746c6ded2366a60204063a6 d002b5d4e52f343bd5ff377ba374e5d3dce7bdf5d2919b134abfbead90386f1a 0dd9fca04aba0e49801f3c1f1647d40fcfcf48808603855f955c07b390d1e1ad 8fe59abc18708967e5a5a0c7d331bcfa3898159b2789572dd695953322914d70 3e0765de464110e8b2ab5b05feb4b0cb9286c09ae61654a224a64d202f6019ba 00cb557ec3c36d07f27e264dd6bffb6c858a3d9568878db3fded2a0bd0f9fe3b 538d982b1151cb6e367f5c3a27a02c4d8c8ec0c467d7dcd50df5d7b97aaef0db 13abc28b2269a73c8d621fb88b487b7e83c6ee014816493f0d78281a504ffeb0 12c7ad0cb4e245b5d51dafb3d6ade6a22681c4a7ab19d919104cab333f956260 e16314d8ccfeef3c294865925c01babab9d52d4773466a3925aebb7c90041bf0 8ef3a0b2620fff9b616db2e7e77e3a07137748d9c05cb26d6dd946983b06b849 8db369f1944a2bceff930181fd861603129a94f5b5febbe5fc20df8eb09520fd 05f2de90c06301502274b4ca2ec279e1012906d522176e416bba667353668f7d 72259a3704916c9c60a055321313a70e190dd7662beea77c3c63bc1380abc0c3 2f3a68fff0973a87198307b55c6680503fc8254bcb2d745e27b0d23343ce5f51 2a83f8a8d335bfec595b4c4ebf0a96c78889aade87134859a1693ebae8f9e159 2a1868e906229098e6f5ef10923fe7cacdbb2fa8cb9623e627f752ad3bff6cb0 cb0103b3fcffdc166321a9ecb304368095c7b5d4e8219ac920cbe1b3e5b89ddf 
bf60b1c50ae9598d289a5b9e2223cbb09c2227552ff83a490491d6d74f840f9d 78efc5995178177035e59357d306eeea3c6bbc36dedc5a5be980aa57e74dabf0 604a974c12832f7aae6f2714f01642d80a72e0e11015ea2f77400a165f96c86f 5b7b07d1a22abe6baa665864312ff2990cfa41e9fc50b71041742a612f11f7c7 ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b 7b4870390dbbfd1467cb4554ecfc88704b82551f31ba065093199d8d1f16ebd5 9fc2af1fcfe6f7edbc0580a7fec662c095871ae1bef9faaadf36a1e737939eb2 a0b4baff4a545b01f9e18d1aa963cea21d29b4fe10657d2457b6b9afdefd9165 6daccdfab365667009132e7c938a6dceab09dbf11d9df8678cc7dcfe8abc3973 4f63eb99dabefb760e61745ebeae4981fc16d91715605a717d3cd94db2db9789 3dfe8530b3c7425d5363ecb4f90f1b93bba9dd353af33ea72ccf3aaadf736d3a d3b74d0a7cb512a60472d53d09a5ff4b9813d6a76ea8c6f8b926f83469537624 77293255d2e6c1d3ceaeed6739073a6844b976ff8497924a4695318f0f61f993 2f6e2e657c9c15fb9828d2a6b473a77327a2f6b0e1e3d0a0975f2a5c7aed2d13 cc007c0f5f127e8c6340f548888cc7d7aae12c60e2c951e622b192b272ebc413 06e931e942a7b3eaafbac790e6ac103e7a77eb2faf1b6d3d4127289a90b985cf 284ee87a6751d1c031bf5305ca4f5025cf8043f3fe71f0712514beda6444e640 d059c198f98d55898e15b4631e0e5eff55d0f699efc508e377c84e637b75db49 2debe67a9d687500e6a82b4896301429280435bb5225bd90abae4e7cb85458a5 aeb9b9b6e3b380aa117c4fa7d9482119b231c629c0ffc1e6eb3c0c5d066e28af 242335f7306a747874d99734e86f4cbf9b90cd6af0ff6ad4cdc1c6d1716d89a9 5f23c5c42fa609d9a42f562f8e64211d59019bfa89ba039c926abaedbc1c2318 77b438e42357321350d2a7c0b543f15f817991958364d7d3c3688b9aeb28e623 a63b12be457d884f289c74dc54e9e056d2040e0bb921b1cccc888db4c8fd9ed8 a2dd820f6ec0e2dc19691b35aa3ae72d3a0e499950b6d54b880a141496d5dd8d 534437dbaf653a5eb9eeb7f50df6a105800ee722527a598cf222eb488a3a7095 6056ee4e09c4e67e50a113f5aca5abcf5790ed1c36bf9f154f630be4b1f5e84f 8e777183a21aa9c1238a306550e3656d3825d91cad569a210b3170aba1a12cd1 aeb53cb28bf5d26c2234c12e1bd4ec85570f8420e94da1a111bc962f2fe608d9 db65794f7ef7778c60f9a98f5a30e4a820c16d32ab033c3b7751d91e42f9549c 
07cb05f72ad3be4f58378a618eef1b957b9a5a57d6fc6e0f15e850aca5d5161b 15add92599f9e46fbb9083de921f2bb6d6a5850c500c637b72baca52da8b7750 b9027e7744cc79f86d3a2c734031fdecc84eb99e3c7f8c2e6fcc7022dc8c40b4 739b028044f47f6bb25d3488bd131bdea62d5dd3111ebf6cb9716c2cd55393be 4edcabead7df2e864c6e874e42f7d6c999b2f872ec3a41b06e2b3193045c2117 1c22680620514ba964277970ef4f2337cba95f2ee888ce2ba7fcc79696ceaf85 9441032d923e580327c87c44a1258726267a2c556ad5660b058409df0c37234c 9b53be1f8b1a550ec9a8d99af5e6ce6f3adcbfe6747a6020b2ffb0db005e482a 6bb4f7b217fa108f6d218aa8acf1c7ca741577073009ed5d265003f05fc09fcd 241d986b7b36353853127986de8d4687eec42b9c39bad2824c90ab4f18cc4961 efd5f0db92b96994cfe87d71d30234132a5b5bd61dd9eb576f154e5474c41be4 ed79e88bd6f0e5a6472b560e95df02e2a806b51791024bd0ef88e41badfd17f1 5314ff1f49a498544f8d4d3afdbc8e3536a958e7ba75e5dac1b8ccd183b62126 e0b97c1bb84dd9723ffe2c1d87b01e88e217a535b570d159641bcfa4952333ed 8fefab350799a00a43005745bffb8f9bae3d1a8bd6d4861b886b930b0f6112a3 d286e34dff391567cabc6acadc28fb572b180d56b6cd40d43752af4100888340 54a018f57390ca007adcec44a49e510ab0cf78e4e9698fb9daaa3fc07cfa18f4 66c6327c3e1c5f001fb61984b80e58fe9c34f243744f3a8752429bad518f8749 99052b0c9c4b47c853e0ef9c20ab4c8f4cf234d16b350b79f7c91dae506ce34e 33d9efb38d0fffae6c67c329aecde9696ca915a571b178a5482efd11413fd786 47a7a5de661e37d6754f0ca1d24e6feb49f5e8b4080b0a40b794d8904a011ad6 393d6000d170cd5726668b00a0e99430dd390b0ca09da0360d17e6ef2af69228 7e7192e906c44301c0a0801e0479de5451b27c4de42a41cde2b4df15ed3d71c1 34f8571f4152d7f493b5339d175932d3b4be713769aa8b870457ea38bdb9a65d c611bb7eaa165bd6b85540f31dba08ecfa79076ee56187d28b126ace54bebe52 8a60b820f87182605953df77025ed1b8274a6a7a505243ba9e09feeb359cb536 ca9dbb4128a952aebe242c09120880a5001fc39b703560e3afc3ff5762c9f142 4aac6b77c7c48d212ba41a231f62792100ef4b05e5087b9c1feb8a71e63f4e5a 2c8f21f584a3803463d2584785b85f483f5c14abd910bae289430ed2c6ce5e36 34ec07469a5fbe567932245cef254e362db1ce3a9c97e9cfef298f47bc08642e 
3f25be90c7c84ae837e874dbc5fec5f28f3bb087746bd24e3ba11cc7ea130f2a 8e5e76d065e6339a183c4f15f66e17e79beed735cdebc166eb4f3e5371d780b1 0825c00613ec1a0c879cd5053f862db5a7ce9368ef95913f91ff7eb6280947d3 47bca70cbc72253dd7d97d83edb7d1456f0e2c2ba4b667f98fe1456c5edf5c07 cb2894f04f790e3f8be68278b6c80ff35f42f88b98137ea8fd3165cd09215ede 8f6554e78cfb6d1d3898dca8d8f14757784a167fec5438ba3e3227fcff9463b8 7f549769ae36cacca1f331dd0b6123dedf4ba10badfcb798c46d810b2ebd5471 6b2a17901118712076fc578b12cb46b892d2824f6935297d919af61763ef8608 c3c46fa3a2818518d22391b7ddd7910542da15e2ea5c608f3010e8dd7e6ffa75 799e53bf46b012ed9bb28e2007bd830333bb70b62134210e5967e5a2416665b6 2b77bcec314435ec275eca22642dbd15685d4c3350d83a4d775fe2a8641d5c45 b781bce08d62ee8ca17be3dbb1842012a32532c3e71ab69e22cdef60259a3464 9b38ba90836003bf5cc67f75769be3991227fe5ef58b367a4a2bf0ea0d1556f3 c8da1a824306a596d3a0f4e84e1f492a3d7fbde77484a72d485f6deb9de32bbb 7560e4554d08d0123b38ea06136c212354eb37245bb31fe6d92a2ea12c687169 14d06b21ab235a0c4259e0002c7cdf653491167da4f02fb4820f0ce8bd067800 5a10a670b1f0f4609411055c234193ace3ee941de8c07efdcbe5717789bb3a48 513e6f142cd61a2d3abc35735b35ba8681867b794ca9e511b33c6a4fcdb5b5de 2cf12dfc7d2db4ab5383592293a929a3d73850a5957fcc330ac80320ebb43a8d f89e7192d08324b8d1f9669d5ad22cf3e3331c3b8a31d73008378c74c3a1f1c9 6ef69ff379dd2987fb1b88f2f82623c98a92fe41f71d05f00f96d179d3909ebd 8c5a0e5ebe5061a358b706986a818ef98ee724f1e3d978f3a1d85f4882e28957 1ff97b0d790e7d34e4f4c4b18154cf90ff82a4d5e66665b893ec3bb3ea8c1bf8 af6a6786793afcaf681887ddb812cb14562d73d6bd6214ba99bef5ae379e1bbf d33171bca09c4f40902144810399f44d3e8b73e2c6c635a020525004ba7ac53e a4c65a75662efeb5149fbf7cab8e73ffe6422040ed6d0c8a57f27b2ad3007998 34e7b0ea40b7e09ceaf993a42e3c0c9e68e9841e5eda859d06b0aa141a50647c 805374ff33c185bc2b5191a8c1b4c19fff4f774856dd1b9fff0189ff0bc9a989 07aaac257f6fdb5c4060722ef297e0c0e06c24861740014f94f4541c7eeb7279 6592df07e6f9c9b818e7c9b45331f5ca79e60ef5977d2b3ab19bac23f585740e 
a5832b8f7a014354a6c570094226500aefc7d3fc804379a3ff79dcd8cc719b45 9c0f5c51f85733cb4d5b47c467ce9f787f8d6f446a03fd6317445d86a73d1b38 a295b2ba638cbc488c0bc9faec2bac82b720a525ccee5a9becdca312480ea4c4 ac5883f82889de7303a2383e323f9055b304b692a457f3aba05e962a127337ab c80d55690277777de5bba0a0b52e4d9869f814829e5cf6bad0dd9ee3b9976993 73a6f060f3e62c8067e29563a1d27f2419d760a4f1a7ffc1579e307f5f4a58f1 d7d2a2e15082d02b3be99bad6dd5ddf122dca716e204df7e01341b6fa36407ab eed1f52569e1839586f5d70b09ce36873b081b0ce70f47b7bccf16a17edd561c bbb7ae83a9922299538e33465a22fdc54ec6c15d6e9f0637c09d24c748848762 59e6176a2d95519b793531b4ca584e34d7195158fc7bb280e86cbc23d2bfb185 9abf6f9bd611fc58a61fe989df1a4a20eb670d8b1bc6a300bfbc76d1c5d9d193 5e83d91dcf08a62c9c02dcd5bff3f268f84ac9bd0152a81b653e08c2e56fed8d 72e6fa2b84dece16c7e0a1ab93e1b551228005380fa1e90591a996592ec6daa5 5480b04b18624c10222fd5bf67a19e4ec6b606561e477b928e80c7211532c79a 3f4c9f83b441cec84667f4ba1e937788b32d1d29315ab0e874df73bee2657ce2 01d9eb3e7c4b0a8ceb4c69924daba0bb4da90b0849665c46e815ae9ddf0c24d2 ae1c10480e7bc7c94bd038bcb1e33a7ebde7d84261d8317eb00a864726f0a37c 3dc41de2a9165db7ed462b50e0625c75e903cca91bd8a5ffca86ff4883b3a8ce 9bd02fa85c6ca4ecb91508e87f476d3acaadce24c0c9c8a0a6e10fd03d71a37a 54b9b8c9c1fe79d6a279ecdaf4ad8bf21e15e2ba93933bc43821ffb362b81ac5 331f801955c58276a8151065aa3011bc26bd95fcfbdebd26d20b0fe6ce0905e1 f26a9a6a65bacb457abe25895e5713c7459e8f91add60584be460a8ee4858a62 ea9142915371fad08d233c021c7d72bd252c30a966b195e3b510c3684cf76585 c00a16cd22e54538300ce78ae97c8f5d865de8edec22c02acaab67286b53ca19 ca5e87fb923947256bfe1fc1b92919a091c6da3ea7a3477871ea7210a01fb9b9 c1f64acbaf96cb7d78b008fd5358f799d56960c8c393fd0c4d0902a80ae76bdd 865b2dbe4bfa34663444dd508655860778332f228c52088ecb681538406270f3 b30503fb0eb8ffb6711df39dd5e2c8b305ea8c1d60cc81df51affa2f8e4a0713 38a08e1f3f72bb4dae5f65e9d968747389ed61bff9e4aac3c74b636d117bb9fa 1c14ade9d37a71d33dfb45c7d72f9f4b6a6ac3be425d723b4272b5cbe1ac735c 
977a6d01cd81c628d89f6f0f7df7689a5eb3519b76fc4257a9dfcc2d96cf2878 3b38878bec77b98c79bdb1b209084ea27f708a33f2933d945cfe1ba1d8f30673 1ba4df646c590d5a0595ed0f33e764e79535ccc5335057827214c716cd2a982d 6dd17eb2564bc0263516ce985a02b345974dd624152ac9f87225f85ac040dc88 71408dc0a8a68a5e457a25d9f39c967a6ed0488180ff3c63b081decb2e126cd2 8568f814e03594d9a352607e26caa6b10fd9ab17fc2e529946246917e48f88a1 73f22d8dea968b0f417f88d7fb4a7be4ce7e5109583b36a6eab798072e6fe832 74cdd7e59b3abd27e56d06139287b79ecc92ac6a1dcdc13d34ae65f89860ec95 cf621637a0ad13ca415ebc77a6e6d90caf6391b9997f0cd0ad09c5e884035b82 73042ec92014fd226e9254c5cc03dae59b097834f05e70f70b571860420da8a8 6bd17fc3a63470b20bba539be198ea59d800ced03b8362484fce9291e8c22928 4a287131352410c1e0c0139a2bfe45989209f7aede866817d89e857ade8a7658 4e81aa5a0a2567ff616f7099774d742e22866dd010c3a850290f13124009de78 32cc654cc4073e9dcaf78cf6aa3a49215b24f51e351f121752e3f7dc118a5b36 3c8fba7851aa5c9eca70752fcd64fde62f3705257eadb51e7bd0bcb2b1d3491f 9b88a79837067b2b1495e54df55218df8a6a55c4898b3d37bf56bdc0b9d5bb1d cf663f070b61dc087ec5537c55a7d1727e7c4ed6e1dcdf8b20576ccf9de9c3b2 9d05f358cac118b158f311719670427ff0746133e37f07972db6a2d7f1e5e27f 623737f068a89cd15b608abdf194a1c666d621d0024750fc9c58492444bc9ef7 7d000acb7f5a4d390cc1481a44635d5692585a11ed1b6ba752b45ed2e256689b 3fa426d290f3e54baa17d1b867e5edc9e83d9d7b8aa38247dbad72d8f87e06ec 6ac80a063b8606daf2e4975983b142e44ce7e9861815a11ad3b2c7cb853d73d3 4e977a30a9648c13e874c4fa95a596c6eae65eb83b76bdcad8014df2627ef29d 1464e665566b7cafbfdc7aaa0c67e5daa4c92002abc87941805c527aa15bcb35 5c9db4ece4efdab4ef8ee14727084031e71a257d8409bcd68a5231c83df78e86 6ae6183b55c18e6ace0216cd0903f3cef52ae00f2dbf0461fc4c66e6e7249854 6091bcf4dbff3294d19334246cd9c793cedab2ed0599ddc43707195a845fc236 96cc76f7ef8e8e533d17fe5c34fdd944e1e3e21723b54a1d8ee6df97a2a29346 3a1a39852786a3210972f4f3f3dfda8ec10e3bdf0a2e88dc412be4c06378b483 d2fbfffcf8f621629e718eb7f82a1aec73e174b4fbbbadc1424f3b93c9dbe581 
c1aac973b9050c9bd23dade59cc3e8c58bebb9a6229f6c06b5b58f3f487c138a 1737a2011c904447473efaedbb95934860310a2e117570b7c43180643ef3690f 3c2584a26896f9e70ae767222fe0b2d23d9971cd7869d054ad3e4b705385674f 24d88bd850dc75992c0facd5091db956aa95c42c8296e7bf9ef0dbd115cdf410 519dfc9e14f6480a1a1ec3ba7745367d77e4dd798685eb8211e3dc23417ff43f 2444a501dccaf6f2dd85102fa014e41d9bde5f0d20267084c37ccdd99b21d9b3 adc82f423ab22f6fe031d3a80683db642b5a92cfb748c41ced4d0b2b1e4a04de 9e27dc85bb110d11d762b594f5d6843c06fbbd3762a3eb4b94b968c5e5a2a21d deff872ed525bc283d11d386ded952dbbbdbb32c84d3d17631d27b5f7b04cf83 f493057440e28d88dac057c92b21b47a6e729fbaf19e8fe4374a23793a5df755 359ed51b783a857cf8a986b08703540bb5a4a47f1672bc7379c43c5ee569e8d6 59c2a6a2f007d06bb1ccde6cfb34444764899c2d2c86501058cad75c3f9724d2 480dd6a26428416c54673d10d25e3bbbfce07430713f4fa73168063b55babb93 9b68998fde3e1b362ddede54bd76a6288f8c4286b5ee8a2761a5e3acfd21a022 f18fb26d15a28b2314cad232830aa15bd06e97c781ba2ab37a4146fc7cb04e05 2d726abd9e0bc3716f86141015eab7379689115223662f943d7579f9c683d3cc 6dbcb3b1dc7a5dc10a2440241c192039bc0b5fc552ce4997bbb5f927dae816ab bfe14df209ae1ce3e58bc6974573594e5ec092eefb2b9eb70c7e24280acd62ed 3e12b00604bbb40f673a38bc80ea882874c2fa3b2670b136e0b9b79dd915a1fa 69e084e17f3256766031cf1de87950f700339ec7e7de02fd8c80e8e13cf1ce06 6a059810c40bf6534540ceb5305fdc08213541da786085c1a637d5fbfa5ef9b2 8bb2546c2dda690d3540d78ce745a99b335882ef2dc48a7474580006d9cfaf79 fee18f402375b210fc7b89e29084fb8e478d5ee0f0cdb85d4618d14abb2e5197 baa0f9e799a3d46ccb04c9d4520a69e58383b2d88aad8746f9214eaa8d3a06f3 9402d333af81d07ddb8c9d90b722fa32a03f2a06e921139e56e4ab4d16e516e0 210fc1511f475c1d448ba4693d99487b70ca50b2448c482026aa1c7e87d9424a 12aa72f9c1d95b0796bf193c1dcc09a3694b6ba84252d748aff5e5d133832178 78ad88d90b7be0504aa97e796e712084cfa8e29316e73c801fbf99d3c4cb80ba bb0471c1357a1552cdaa0c94bac293cad20e2838ba91036ae9fcdf815c2db5d3 afb936117a51446680827f2964dbdb34f2dffb782ab9929f7ec992725096f6e8 
d7b0f9e0d738aa6926ec9af18686a6d512f8d1ab951c559a22481a2da905857a 95106629b0db072f44822dfa15d2f838a7142880f82eb6b6faedca4f12a56a66 a08e9e2b0032a4a13a01af974d8489137dc3a3058b758e8478a21f4f5c140c38 45e1fd52db8c8aacf9b19f971368ffba8ef3f29f83e5d0c2f3912a52d202b4e8 80747893a1c549f9efac06401a24938b12f71a60694d26c7953d06a2fb8a6c79 b95a5e2ae5653e4de504a1d230857b40b1c251c5b832057a3f3ac67ec4cdb408 9b53c66e950f469105cee4b5c653e3f50e1650e5ac9616a9df7a6a8ff87e3be8 b5f5fce7b9eb7c338b29ed4a152703a949c9f2092a1db3ae121c195687e31e1a 835a520db6ad05bd9e5f307c23c6db2929c45ca32bd09d6c5a14fa51a1b0866e 5319d4e1f53c44803c2952361d555510324a06072dc3c1c13c98594bc70013d7 3f871160d4ddc76584e793ec3f40f1deb83a2f7b5616e2306f720e5b4dbc1f91 14eb6038b34896245ff06998d98c4d7188292ec9899531222542b980aece72f8 b608dddd151c96f7c15fc780b4fc1109095dbc80e356598297d81207419d5b70 76437993f28048cb0461ee1d622e853460791ec0cdc97b156a4789143f4692bf 3ea7116346c1059548b52f43f3564672120c322f89d712902c664f6c0706d28c bf2a030e812b0af137a649bf53e310c9752e0172ff6e873ec77a2e8b3db256c2 61a84fdc0e402a04b4fe3487c595e790ade0df010c0e928933797e47cee386c9 ae39e62466f163d1ddb80fcfef7e30fdb7412b56f54578c809acb3e52e42abfc 70baf02e96ef1a515db921c1a3c466696af75a6fe51d8f1bf78e9e9d2964bd5a 1578893a802d00f6f5cede6b4ae74a82e844761a5666e5b0efcbe648e6741fc5 821d5b54191fa82573243f746b1dd746fcf1c8271914d1f654bf742ed565ca0a 335eeb80174bf8d034cbf23c7d2a41ec1413017db0a9c23f5dd4fce0847f4009 c233ce7dbdea82ef96aea61eabf8834d356435f6fb83db235bb46cfffb99b793 60dc6bb966079d506892fd6320ef54d67b38a74a8bd9284520c4c78f028dfad6 945e189c3ddac1d8300925b3faf553e8c3185cee0518e670089ff4d114672bcc 178408a29a7d6affb78af839765008453a2a1125026a4c961fd765379e7c5eb8 58d409bea05dd325ce5a2db1b46db3c9b8ee1cd495928fd5477a0f7e054231a7 d21aae932a180cab1159fb9ecf0224bdbcbc90e54a6fb72edfb291f6b9b2cf17 37a1a31a031414bbcbd7b7a7c16026f7af003b2c4b1786aa1bc0b93e86aff8d5 25680ce9e31c5642bd173d611ac465ca7166f7504d67a58e20fb5e6fd20f875d 
5edd9e5338291dda1b4bba7ba5c6e7c7698568ba411ef3c0972bf96a48308dd0 54c1e4ccf229be4378be24b10ecaaab4516072e020ecaef78742c5cba6d233c1 b4ed50833256dd30497430ab7ae859e3902e72a3dc202dff6168f941666af334 74e16a62ee0983797f4ee5d2b04164d1cc90448269807dc1105e11a591279108 a8d2184d31ac2f84559b98aacff6352447dfb4fbff77f1ee1b8c3e4eae7c2afc 679185dfe9116ec51311577155282272f97eff304d230e6d087b5fa4f83b1ddf 201f26b787fb7913b384fc266f649bc698e0465d7d27b5bf27c7c2aa7f538b62 52c3a44ae22f0dbb72cb2de5fa19a46c9eb4ee0d79887aa390438bf1f1d63871 16a8a52f7c6699dfce18c9913aa748da7a62900f4d5b049d1984cecda95b7a94 18a36234f2dd49da0a65f4faa43830f1a8522027483be661df22a1c23b8ce122 9b72465f522eadbbbef1ad0d4b44ea6d4f5d554a157a2b8dd779172b7454be18 3f09ec2b3e1a0c6ab91b596f0302e76fb741a80039db91693ac93a7b71113610 e9142a19eac88acda42d97fb32435de8bf0434e355f4cfb58b948f193db59775 19ab5b7bec07ec3bce7d87ce3fb851943774b93a300ab19d10f06739886fde48 a2c7be5350a73331778681b5491c2258ec3ea99897f725c23110adea6bdad832 7a420da87dbca02d188e2ffdc62b016dd1adb737be705f86ec35fce55f1b42f5 2a5a580d083aa88cfa19f735cdcd0e0c79291384088df317e2c0f621f3da22f2 1c3d5f48f9abdb8bc3ef5cb84c8652ca1516bdd7c78d3fc972adcedad55df69d 40209dd150e8c1ddeb618dd1b4520bc2eb76b1c7c77d59860aad859d29dcdfe1 a18937267aa0b97fa0fddcbb9b5ff1bb5995000103db3f4f3633acb6c44c674a c15fe5257c5fa068d21d321cbf11eb5db3cefb3b75000f232455bdbe84f98c33 b0c507b096c8975f9bcd5270b9e142596ecd5deb940c51622d1f4987a5c92879 75384515682b641bed4b3cc09157f9c16d1a4742a0f08bab5c250d616582ef8a 968985829bec5c795c8e9729ef2d3e66a2c5d189f43a4c6c3a2b474c206c1c1e 1b0827e93dfec06d54b8504a3e5d9c73f227e24d7b5481e5435e09cacb391f6d a543d660352d9e6c21a8b3c830ff682a3b42e43e2bc881e03787c64b83cf31aa df481c0a996c8d66840a21bf3628768add8759571edd504cb3192b7b8ba3376e fab80c8daa62c97bbb4cac1520a95c25b6cb755fbd181437feb2e51ead19b368 43bd6c7e304a5ad09b52f279ea84eeb7df2e55f3d92428767f110b7ae27a3bed 85c0b53691d27e2edc76975df9d03a9182c7212f56da8539e3066127cf57b6cf 
1e70874eff6d7ca829968eca23f6c43478488d12442ba676227ad7a47cb9ba06 acd9dddb835b32baf47cce03ae93ea8635967e10305acf00e7eb0b12bbcce901 0004cec68fdb95507c6161d84e4965db60f997a679ce20786075992f1e5b340c 3aec694d72efb396b6c3c857153455a714afa89f4edb5536219e0dc8a74f531a 48889e272a054bcb255dd74fcec273a61da8d6789c842cf20c06fbec37ace1ee 62f51d2196485408045ac008b1c6020e10f57cbf61ded71c0b346af2e869ee23 8d621fadea6da7a8b77a64f287f37c9ce4cd8c685599b3ff66ebca898a90555f f20b6dd67a16ed8ff9ca5db8bb4581d32b2f4c11951b20fb798de502db8390e5 a3d0f51fcf455dbdb766f9f8994140da762dd1d8c4d139c748fce970ddc4991f 8991d57126ce4fb3eb9c77651aa50e640f99e39e546671bae8a8d84d7c9b72b5 4f67d58a4cbb09be604cfdbf75637469d75db9bebdc47efbc0c77fc6eddaf95c a514d3f6498c98d2a3c4f1bba802be59eabb5de066355bc6c477f5a6172255f9 dc52184c184823c942ad69902f8608b0d997590f515011ae67e7e18705076ecd d86d9d0c314415ed5fba9ec59f0b42e1ab3c599f8b25d00a0d1e7e6416776d7a 9dc0a77f4a26df00b6f2578826852b98266dd7c6ceafaf498415337873bd9aee b1aae702bb095a17fa479fdfb66fa1168619638fe4f070de441a3297976be2d4 c5caefd19fe5b361a65d124a9318ae8d357bc300e66e6d34d030eaeef2b1ce3f 642a03a55e04e2ec6da2f8a8df0a2f8b63c0f35f7ac021eb0a4fa1e92a6f601c b4d2adf74b34ca61114473dc6a10338881d702797239a337886e205a246f0cac 8cb63c682f24b058f474a0d6237ab2ce5f303103e1356bc33958456e185ef61b b74493860b294233f324e97349ee9b51838fab3171d4a1f33cd67a3dae47eb97 202096bde5a417f4c9546d8263cd836fffc61b806cde45e3830df7bc83c6b247 50aadca76302e13145462a6c70559b52b0054310653619ee5ef12a002c90e88c c8651e5b373efecda48ad2ec2f92307e6894d673f0e7d83ae60647a07a185a7d 542afb77433a3fe19788642e90f3a675fe7040e7283aab5e93266df398c65eae 432c26e8f90d9e2135f47766a548bbcd4963a1aad8b52ade8894cc916de3af58 2d0aba272b39e942344931beb1469229285ea1e23bf8ee1038b8d32ba2e8db86 3ddd314f1a0f781596c0f4b2191c6beffc2c2df0dc02f7ab4842a3eebfd02059 8b806500dee38824b854e9d5d4ca7d5df244a8653dc45bfec538c5dc28a5a15f 82961145087458fe8e5de95016722e9bc676f7a5a6a0886262de67b5f6859b6c 
d775ef79cd103752ae08187b28b73227546d0d7583b9ca4fd338931b334eff0b 3c2a40f64aae9c3185cd852d8113c1bde8142852f115304bcfbdb2b8d753ef3f 9a0d9c3e6340c7bb8c593b318b8bbbeb98e1cf71a57d7442930bdcdb0345d912 5f8c892d0cf1ec2d9781c13853b2fb1b0f5e087e4c77e8b9de361b6ebe2226c5 e84f033460a4b6cdc5a5340ef654cb7c42e01bd690b9033c515c4b2a5ffc65c9 153b5a09d89213a8164dc511bccf4530af70853b89efd9babe0499777d154852 3a48814c69b47661371a4ae184640c4dcc3db94cad3715b99db9325c85d5d5d7 2f6921f9135ee2ab2cbea588746648334d5596a6f40817a11b0268f9fe834afd cda12d1a94fecc9aacc41b95f9df7c0b3ba452496052c6c62d3e0b98347f9ae9 400dd28d8c2fb176cf12e8093eb344a6997f15e7d333f2abbafe4b56cb47afbe 8ded3a26fc6a148a20965f13d6aaa936a04d0105472e8b10ed1461d3b0673e14 90546d4bda78b91c8296207505e5d5475c4d350646906b2d6f593391cb34e0e7 c641b11634f0f5319a153fea5ec9e4ae1c4c049c4898a55551f2df0ecae333b7 317849c236aa238bd3287ed58effeef15db1c7d63cf54bbbba1f88b3d97d6c7a 9739b574cf04d593fc3984a467a33512fa153c0c8330bb1fd929a8e951956775 79aa829a6dac8d25f453ccebb063f7f080c3abc922031f4c7a5dfb4dec8036d8 f65a6c764b773dbe55a8dc0b5a992b55e0b3621bf11081ffb273d71eece10641 64ed0e533d82e680dc32f4d593bbc63f97bcc171f8d4d43b43366e2cc6d6d826 69422bbcff151cbc45d6f45a203c12a0042eb281f72b4a059cd2ebdae291227b 61ba03cce4bb75cc502f8b0175ab3a12f7807a51f2321468ee32fbcf3317287f 1af8e45337900146089a025fb0f0c45a2738841dcbb547a85212d202e550672d 7bcf1cf72fc56121779116e4e11f9a7f4b96a5dd04b6427e0bb70374bf1a898f 898de47d1976e3cfa2743dc6446126110cfcb057109ea775db5e4da535cc5549 8416770393cfc2367ec5cf05871e059501d4e177bfd3a95796a880b3bb0b7f67 abfc0216cb1db3c9345ae4ce7f685a569e9be9b90fa391cc09ee0f7a40112fa4 2b20cab13ce9e060bf31aa1aa6dca2db2d3f1d3dfdcaf7bcdf91e12b3a6e05f5 3d8fd3071a78e85341b8ee9b0399fb665a391622b4fb6c27b3ffe111bab5fb4b c6eb63781a87572ed1522bcb2cdd5a9e5e1916d2d840ded41cb6759ba3eebc01 3eab2d7a09996e92d91a04b51073dddc2abc99dbe2ddc713faefb3b913ba108b 5161cdafd0c6d79616d775f79214b2e7e3ad13de71db63e9fa6bfc448ba4084b 
6a3cd9c3d2b5a1d61652085c1a3b172fba70413bd2297ff3f503ac05fd953f3c 5f119d621493d1731ca7df8ffc67c58f3a7dc3851e76f736649aeef524db0dc4 2b64f38771ffeea01cbfd5a57505e9bb58ed9328bfefabfa3891e17dd564ef0b cb6512661e568c9b9326d915a74c809ccf71693f0afe196a9f3f068aeca646f1 21a99040697696e8095e3a442303c12c1e8ebfa481fd13c16086220d505c502e 49290e5cb88e66762409c2bb3ec2463f44d9cd8d56020edf53f55a9b715a8d64 7d1bfaff177d8793dbc6f76eca5487b338f69c9d3c84e8e1601cc77e59a3d07b 420aac924ab38220b5cab5fe6eb895a82efae97eab224b79881677c1bdf9dae0 52f6e2401e4b1c6f91734b3dc20e10de648688de4a9f05dadc9c8e8931a64cd7 41a01196b9d71cf32e34a643924261b9b0d5ed2fb4f4147cd83e31e4e23dae74 f18a6d3cf01c2f0d46fb23df3ed1e49c7e185b2796f8d54e184a6ea168da0bbd 73dbf71fbc42b1cb2354b12d3c4c10ca80929bc34100eac6c1db390b6df79a8c 411ce28a7260f2a9ad989f46dba2bd5c5cdc666c306af899f652a1de2b7c54f4 3528469d41b556fda2c6f22acd8d92744d868ce1c15fbce991e25b76e2bb780d a0a55f7390c91afe5764662e5476b2917e5963bbf25364528aea66f2dfbf7594 54940ef6bc662a3cb3ad5c9155e28a8c459ac919497aa9dc123e5e1af7379b34 a038bd815a7c04ee3f6ab38cd2c97156b07da76fe1e3497370cb29bfea6f065a 66732ae7086ac646b223a5244af6a89f3ec25061d9f3d401a6111dbe5f4dd7b3 176806e07fdd05e2b990124d59be8ba640736550efe71f052c8fc52775b12af5 c0b29888d722dec82e3b9bc2424e5e7fb32c3ede9647be5a1e8c501e912dabd9 2e1738364af0008c3adf761818a88d004402d87f96639681b47fa66adba2f4ea 7a31bfc29c25edad1c5ed7546ce03b09e8c7cd55080d639678349d81499fc1e1 4744f60445f39850f834c20b68585d747d509e812d307974d9a75f8a1b644ef5 6a508ee7fa8102b82ab051446a98a069350e2f480f2e7fb8001386babb968fdd 3e1b7db89d3cc871443a8d09b54554fd19b2fcc67d8b32e767348284ec2df4e4 41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241 bd6cab093b5451b4cc85b4528dc0251c97a3d11cb3c1493d25f37b06f8cd2238 639528ba0d2f206cdcf4df6f4aa9c533c899726435c21c67a8398ae989361649 23a2dcffda0de0bc85eb46b8705b6533f9f0103e3d707ac729a2936235713339 bd3b15859fa38d34fdc27ae5f08cb8962accdf28dfa3172a9f42d04222c2689f 
80915284b9414f25b362b51db88d38b8fb42724b433681061cb7b211244c748d 38307a004e8d5680b6ef191fcf2cce0d32a19d44fc4bfbc180b2869095783f80 6da809b7eba9044a0f1f764c5436e0de8a0c5a7fe810b8adad4dff4812d99fd9 2703a38a1b9a8718c9c53984f8ae34fee22d2b9354d369795ef205e90fa6f8d7 c65d2b1c916db909d4c2fb0f6893978e76b9c52d53e69f9e3a4a3c13ba1b87bd 2f02a820c591f5c915ae5ab612362848b2a0b48be22529641d732030c66aa73e ac6fcad140c294b035b03cd4d15c14122b3a34f74800382f1dd8db1f545540cb 7cf8392bef146ce128f871541f92dbd23686c417ce5c061e4b7e5678f152a382 f1bcd14143b9c4f4b35e38a486e5bc281c5104da5ae8bcde963c293e2a32cbc2 71a42d2c0d2b9aac8a7a572ae3163e8d69b2df700e174190e2ded475c7b71ca6 fde7f22dcebcfbedafd5daecba1dc9952ff51c0ee433164b5509ec67aeb04d87 c01fe9f01b40633db53e458c170996a5bdd8cd2f6513c4a054e1514fde661829 e7725dfd8522b86f60d8eafe1b8a6f227b0a3f1e74e77d579573e113b0fd5813 259486b3ef32096ae8cdecdf20025ca282ff9722be54d71de79f5b36e69b1016 20255538932444661fb16979d0ac347fba388a07e1c096cc6b74710a7ad61ce1 f32b01499bfea3cbe329958c26e9c0ef5e9b846b5d902a37abe87e11b1dcdea6 62673b2b94c92523ae07c781f47903913ca28bffe827c49c4eddfddb07fea54f adf7d4b104224a9e4eb6e96aadc69c9782661530b33e2d46c3cd9ec1b2076f27 51af36f519a74c3f2d5b673f1ca48ea3f92d6c60a8ea81c4daff5096b05edcbc c2a029613bcdc032f9f653f765f10ece7930c8b9294386e3e1ce857494c09a8f b4a8b4a9662e20f74c888ef27a0940b7fb6af2572d3d01d51bed97ac49680a87 f9b4f1787b1d8eb87fd1f0192ce96f70aa227addd6a30ec2a31160d1caba35bc ded49ccd2b47b64b9f959746a2d23d4b0021b51ad9b6988b73d68c5dcc9ba168 3a384d62d08835e3e0746848d9ca89a4ca393fc115d0c11e4a5003c1c2585284 3debde619eea6ba2603167edaa7f6011128554679edda1f1bdd206922b46af2f 5db1ada64170e7a7932c29998c2e2aaeaf8bded504ac456d5b335037ef34d487 9a29f1de2628a368849c25cd605c4db409b2b8ddcb8287cf45e23926eea49e53 6207633b1841e8ead389e463a97b622e4fa399b1aa9284feeadfc3474c507231 1f0ddacd24cea4cbc15927edb18b4fb78e206ca896fc7855c53f6ec2cdadc099 44f9192b213f5588c725d2c3e30ba5ef6bd43b66c617f4ede48e2f0ac0327460 
6bedfe4ecf7dd924c6374437f1d6e4199b121531cdf20df007c828999198b8bb 1ab3d22097fbfc9c63890d636c5f8fce86f90ccdd282be7c4cf302866e67b94c 9de51643e99b08e56e076401abe53a099e9590c7083d140464f6f6fc91b14d98 086c0d2d932584851fec3851282d7de822d07f129ca383924e157adf388bbf29 6a51f33c24a49eda081c319fe9ddc15b735531a1d847d9b0128e36a357898feb dc2edc7f2df5614c6e75a9e1f27943075712e88def317bc276cdffb1708f5dc5 8c398acc63b54549f470f7f83f2593ad2b9a091e4deef29ebbb51efb095c04ba 3d4b357481c8e8308988955e31def8145ec0b1734b1352f09a469dd052fe9448 eacc44ed55385c3253f9844b61cb50305de4a850c72acd843f7b8929907a0053 020b9c2e74cc6d932a7f60acacaf269db8f0135538ee81f3bb51e005f1769c44 19740564489f1c9e874cb46fe092851e397ef33ca6afe554d7240b7443afc129 c1479eb8e0065857e0b9bde2c0c62b7bb3167b8455372af17e3274414a380d39 26f557b692a934da20fe12ece8ae586dee70e08b4055f8e8e7715404dfe094d2 491b05cb3f9adc92619272c191c9db67c6eddad4cdba8a179f5678749de800ac 6aa26aa6216320589a41ac14af447ab611d500783017afefbc0bb0206d860bad edacc966aade9677f5f0e8acfbe1221c632a66ea0d7ed953844bad3b37b699f0 4c35825542adb5df5ce569fe4131a28052cd3faf32d4ea8f3d494f2e54f8a965 6c98b9d6d3b9680c0f0ad39b3fdfc59cbd45a668041bf2dfdc53ee0bf121fcd9 67afdd03734db788bb2e027f60b5e4f341a644db5fce057fe16fb6994ff0e460 8e8eeadfa03d31ebc8e00a181bd95404c223594ce15c0871b8861bdc89a81cbf 3fca9fe19d2fe89cb9391ffe22b869cb8cf652734b4a988ee2a51557616abc25 1726f58f49655d41116942b87f5bfa55c53c2280f15350731bb54fe52ff9b765 8f904518fd655a1ee57248ebede2ea0a45bc9daf63181692589216ff873d504d c7a4aa6db8e6c69e619ddb517a4fb963d45fd9df325fff1361ec6c0a5b13580e e9a0170496e18c976183a500e736ab58eeac2d19663f94f9bf9703fbf9cabc7a 7c9b51c03611d6ee1fdb2b9b27bc57acd6a7690c0f4bb354d918522f2a2a10a6 32a973ce00bf7502162ec5039a78fe6fc644ae0e999b889ba805476b54c801f9 69e6ac5e7a648b547e0513821aefdff286918fec9a17bdc604c798dd38dc1863 ac4f4a07170dfabf06e0c23733ea3068f992e4093f81afdfbc147b2f5ae919a2 0f031acfd428352cda06be247793114d4a5e192a863a83ded0b5f086b0773cb2 
4621b7ffe87b96683b8c55de1464089f6b8fd8564f9b3164fa4113039428cb7d 5bbc6c1cbc6b22f38d4691e4dee1a171258b74c5cb6bd4196eee46a43f35d926 24f3521bafd4747a082fa64043c4c362a16c1612a4b076d1fa146c2ef71939e5 9b0ad8cb11583974eac461d138ce1c344b4d0238e70713ee79768186ff00903d ca61e148f167f4bbc2bd9ec709c2acebd2af0e0f939b05ce0e61f88106af991a dca2f38a365a3878bada4c0f09bdd5a43f3ba661acd58100eafa40db94b48f0a e26cb57638e309602caacab844f911bddf8246a404126edaba9aeeb1cb95284a 4916a86b6c2b4b141a1b50635ac115c776274bc7b177e6a2d6585775b15514a5 f492a8b86bbd70975cd524c4ac45df283ea42c280a9423911405824d27a07942 4f2c4a3aa41d32a1a8a4618cfaeece2dafcbf770af85ef48effa59d330960d32 3d6ff7fa98a376f7674b9975daca012278683f6cecf22126ca9d7b75e862e4ba 8fff4ea5fc319a00a920005ede04c4eec837259208d1927a6c18cce6d9b38175 561c898e605592b99a76c372be03280972b9ec28aa08af8eef1231968725a456 ab050900a8e10fb104a514c6047762d0c37da2a5e95779fb385a9cc8c289d6ee 36255fcc28988554e9a5b89d5af374876c0f925e47a7cb5db1d0bb49d68039f6 96e5a790c6a549a44ca45fc96f4bbd6d927ff67d782df1232ddac6d9b32274d2 0024eec62931670946abd4240d38127e23b4c0c9321de43bc9af96804d30dd50 4af8f703ab6535ed70c03c6e98e1ad040589ceb79726a531d49a7acbac7ad624 33ea253da16d4bc1a0a5598a994d20ce600bcfb10c3e255b79d5c9baf79a1a75 19b4ef0e6d9ecdd2c1d3f4bc978f2156470a4f0fee10ef41269266d024376421 514152828f6ecd9f0a5ee1698e79883ca97e39bb4dffeab7cfdd29b6495a2a0f 9127e176fa15d685992b36d6781d79dee5c5994431a021d13f78f3328168cd04 43eeea045ab4362873f0b110ba737c29e71bea6c209c1ad047cb15ae16f00ce8 b0de112a27c4b64f71137c19428243627f7187f62d092c04b3352aafe26f218d 56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b 41754660e199e9027afaf46edf0de3f8be91a19536a27ad4cd08c41f5f213793 44d6683f47a13d203309ade994b70663c76dabb2226af5f1f1df8cbca6e8e09c 72542d9a736877019ba23be25276e47375cb4d442796c44f6ade1b6104e8fc53 579989ee80b64d29aedf108a93ad5efe1f1ece2d331a737278d8a51d43673a32 a652ccbc910dfb92e89705532c627b82f5590a71462627715b2562072c25dcbb 
36d0d1d1ed96e71b90e2e15da0189b2bbf6f69c21a0e63ee1be706b262c25482 09c5667f35d0bb61d4bacc3db30e7c91f436ca87d4afca095d5ae64b74a79a34 557d9a047e5edf21f90cd56f7bebef8ba4f0a279e1e2dd8e6ebb95991cfb7e4b 02ef8fcd3671438012dd0056b7946edc02ad383bc2b591b9e2b06d1d5c2e334c 72d410fda343e2f90e1bbf7b7d283f82bfa04b2b2a063546e9e01e72a9d4d62f 00aac566d9664b844e5d7ae641c58131ce59deced312236f4299638356484fa0 4f0498aa57fdebcca74c719cda157184c1d31bcb2692cfbb5c9b63343901eb92 dcc2fa1185fdaa6a42f5e2a7e72828e2d04de8e2c2263186559c09446e44c99a cf791914b2e3190945882c4c24ce8f44a653643c16a9399166c5b865f9664061 db7b8bdbf3b2fd7953f4d4018ddb88fff79e8d337122ad3a571e47fb8ea5a537 6a645668f630f05072da573a2ee6de2c8b56068e24ee117e6c6078d4bf2c76f3 1b5621c68261f4f97e9852f8f2799e00c9694865f488c40223abf9ebdfed37ed 27c6a044aad80ce77bee9c25489f1c2a867f0c7525bcbe7c2dca6f9ef7a271d9 21e4eb7c65655256ddeeac4de8f3e1f6178f4cfc5a7387ceb9cd9948ade15f38 994ae2c68ba7f1ad9c9fbdb6b8c70156af9455baf82a5f6bd474b280a2180c2c df7c6753f1fe2bb2fd168a715a1ba859e34efdd42b25783803869e1f832bf18b 93adec15e6e1bffa3fbcac246ffd42eaf34c0d815677e6de2444bd876a2b4680 76ea5fed87f149064150f91dd51d7bba3cf7907715f24bbc3b15458d6acd3a0f 1f02b810f254fda92c1f45203b5f204d6dc7b27e92d832ccb633de5d790492fc 29d108e43304fd59b71d7af372bcff505323e94e5cd115fa614c7c6b80bde216 a98b27f54fdc7b542d0c2ff11dc9a0b78c425071620dfdf071ec59b431ecb8a6 e9d1c4f94282311d558015795d18dde7e856ca07005ea1656ce84bd2132f8f9e 47e60a03fff1c174edbebb6a60e48ee5a8b048f2c6c34e8ecac0ceed8ebdf8a4 8336d53004c6e7021f9be107134239099e0eafd977692c39ed00a79649ae9523 af8a50427ba526a7fd34ba42f6c457dcd6d54f744987eeb120c3dc074a8cd7b5 07ecdbefdb715680519c6889f3b552bbd8f200c399b0387966974f49fb5d27cd 6dc8848c6775b59b0e17fccc7e89ddb71473fa1472d3fa4044e02a228bfd0968 6744cee15755896a14f23ecad9f789932097f61f3af9e863cd9563818bd52f3c 2772bbf4f0a755f954414106f67d73e0db0ba87a721dcfd0b9451173a19ddf1e d447bc82825588ac76d7a582900d943886b9f8e39a7bf115ab2673868ae91f88 
bbdf1900774f4d6c1ee4fbe0afec71f571e1ed8084f863916df1ba286b083824 5dcd219206f72c433064a90d5fd5233740671ced87885ff3881e1694c8f3a3c4 d73443f9b511a7d82e94e73fb91690778366f07be89f920184bc8fc50acb493b 133cb2f76051ce78533347aebf651fbaa80e4e9155930b6ec7900ae7816d0f58 a6734d12c46d70539f43aef735c0de7e9f80e7e39f925b8c3c1a0a000f43f7b5 ca0068ee2b92ebdd3fddf1914cf314da9564238dcf2144277701a7b41d45c307 f3a1b6ccf1574590fae51100bcfa8a11938f77abe40820cfc483cc8999c0e850 d4922069f9bf68d2b950d0a7587b7334ffcb9d83cbc7e3fecac972e3ff8bdf1e 84797885eba607c4d597cbcd7dd3b9af4b9ac436be2a069b1df2e3662dcdea78 6df712028446af021b9ca5090778b3cc0af63616691cdcd50ba94d97df021b60 3fdc969d7c30c622caedab1d646735d5274e8aa8ba7355c39d04a24f7a2e7bc8 03bf155ded9ccebc74790dd1bbf2d9000cacab079a3ba1b5df4947123f70c9b8 22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc 4fa6203e5ab578e4f9886fb6d1b0b91753a0ddf4baf5036b744da06a587a9b40 0afe81f4608744675c5fda4b36b249a7da16d52de14af542ecd62de48ccf654c df793f700ac4a70a63681b95cf6e01db32b42d54d5b487e4d9b7fa24c84d2313 3716ffe86a444de25dc44d6d002388fdc65a4d8bdcff5564b828f5e8517e3b32 afb33f868c27a7722629436707bd7ae6fe9e11fd9c9200ba073772e638ba0266 1b0cfdff377f1ddae9a3f21461df10d138bf248cfc9703bf2929bb3b8640c345 28b514b2f7c5321645932d2a044fb25cca346b6a2eb2b67d8a20179b0eb04788 0776cf5a136b7f287806801be96d1419dd7a3fd8283d004cfad828008b11b052 1b50d0858bb5662ccd46881a856bf7cb9be2fca6eacf4ae675e741a5c4966be9 a1b23923eab57d5007399c955164ef55b5e6274f3a9f9b2584b8d2844d99cc9e 2deb9d002aeb1f3f12a3104f1aa71d038b3a0ca354d45ac13e35d4836cb3add9 c535795438e9e6f1b5796c945b169ed1b442e481385e4a29ba745d1b6f06cbb6 6be1e343201b56ea7491d6f5be72ac9d4bf41a16920804d7e0f04cefd562d028 410eb3166bb6e806652cd945b62db9024090958f82e18b714646999b0559ed8b 23c28ba9209fbf0ef195a29be1ff95e24eda60aac980e2cb042d036f59c844c9 755a80e0353fce89db01f79067d3fe185c2ef1757494c6f98e15618e95916e7b 3be7b1d360376dc9228cae463338d3ac305996d057125e379ea1ca42cbff8d76 
d784768937ea27ed673969a464b96798df3df80f9c79f5cbef4a8c62832e3f0b 6ad07f6615e9de8713b14fb4e12c95960fa24731a94a6e1e540e4f354e842b25 2ba910eb4196a66cb6681ecaea3b5df7cb8b6cbe2c7bdfaccdca614e74dc894c 00e77c92f5584c245cb6422a37028c47f232fa3fadb59b493bc7f4bd28df70cd 7c86e0403bfd8bb5b397786a3443f5f483beca2167b339cad01baa6ec8e4e91b 9edba1829cde6a6ccd3ba286126a8115d2e0d416cba5bd86c3bbf431f580e2cc 5295f2deee57b943be839c444d77b28e4dcab0627cf744bce2ef7d2515d3c7ae 808e02f8878ac4091078fd6fc59dca4cb12cec2f626fe3ab335ac880db213494 317d12da8444f3bd33fdad54b20cf25b2ccc7826e8f6ee03d28f4831beac3045 f9e4b51cf668410226769506c9aef59d613d32de3aed980d501a39b39770ce70 4381e84007f5ae7d8b8faa3df667cc2d726fec8446b03f04beaff55a78cecbb3 d3c41c9e301e8474c6eb8c1ce5d89f1ade602367e6fe08d879d4ff6363dc07ed c936bcda2930341557ffff92fd68f0250903f2394d8ea7a0cdc265494d40a046 03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78 513b431da8a384449085183f8d90e36262fd77ffe01209c5a29f2fcc60507029 6cb6c44e78447e34cd2815aa187381922067de877f0b267534603e7a1d8c84ea 2dde31dbb7090df38972b3d577d71c16b799e5d1f58d6bdc0fad0b588f4dd886 23cafd6f0772e7ed7a71251a1aded64f474261809e423d50e543e35271b9b0e9 a54aa248a163a22590ea330022d373fde4919b7af92aa71f63293ff1028ebf49 bad817ee87e1ed7ac1318a47f723a7f502938aba6f111f1cb0223a0952dd4474 69bfb20f7c1756426db121ae0f57f6e421f434b79eb13e4b81fbaeaa7a713053 09f1cc20675bc53e8504ed6df682fc513e535a5bc34dce58996ee799a7e9964b 9e1df835855965e562bdad9c3f75de9713de2d219c880fc9c457806293daef1e eb2a55ec12c2fa476df5e88d2b38f8d0a158d2a4c973b8b33fdc1a52a376761d 02968edeae1088f046b4afe4dc20c4668b40ac8849a88f763807a8d5637f424f 56c4084f1c6cc2d8e4e9a65940ce6e5c8b9d0ab403e4941c12bda6d6f94cb472 cc78002044bab5b262705620b3af18d767ae46283ab6aa70562a580bc2867dc3 8dd98370dea2233f53a97942b187460f23ba0520fea092c00e9fe8bfe63e7356 440f62b8089c9a3c187ab98b3ea0e5088215e151fe1af2969154439e8eb49454 d9c44546221acb7ad6df7b7a5e361db4440ecaeb9758f912edb75f88cd05ffed 
13ab431291a9b486bcb7e07a5c6f4ef46d7aa932a1dadd4d52f2b52dda6db413 5911a5e7e9526333140815ed2d8b0ca8c3afb90e0750f31ee70099549b8a1f7f 553abcc0d38d5476bcf867fb031913c4a89192fee1e239e416fdf7ae6d46c545 1c4b22b2601bb190b754c12e45dbe9413dfc98ecfe632b0e187da35954236d92 de87683be8164d8c6e676f0fbc26ae75a059f7676fb5e3f1b8e1b8217737c4c0 3dbcab057f5790dc41c2000a53545eb369742a8e85c65ac52d3b473e6915371f 9b2ef34f6784d0d375f45e7ab97341f861e7943f7dc7320db4ded27f237969be 9c0f7d20a3b7b9a3266f3a9f1ea8857d416a0af23e81029a7db549e8df3217c4 96676dbb157049f54c35275c960dfb087d1ff119e7709bc5b11074b45e997e07 6edfe6ef35a7f7908e6a887b054b5aa697f00d1537a332675e6218ffd7a02071 09782a24b5a800b4498501f2d33c60fc6b8f2b4a919c279f44658c345fa31314 ca230efa76a5f9899150133426f5065f46fc11ac58ead007e9758b870cd80e78 e73bd8b8396d12820a8934a089372cd2761346c68e786dd1dd9072d690851b3e 39c19e7de1c6430e66e1f3f8f3f62c971d4c49a62b5928b20fcaccffe55e7663 75561c8830f865f2816ee896c15c20a0188be2bbbd6cb89db12637435c489fc3 3dce8322f749a2aed8a9da7c0d2670a82bce10f9038f286e5fa94577f0fc57ef 10c3579049c2396b2cb5cbbcd8d7a6fcf479bf9c0e16f2909bb14b6b4d735768 0730c7e1bc0ba0fac6e3d8bf8baac1953c5fc5c3b3d77c3bf244cfe8b75cc0f1 cef4b489b037f6adec49906b58b67ac504a82b65c3187b46d906f9356c284394 59399e56b27987c50e4320ef3b805efb8b2d76463f3084becca90830f3c59b51 1cbf329b143a0932064dc1ade7da9657fa218779dc99b140be6a986e17a09e11 2bb6ba2a3011b5820bc30a7986fbb3356cfdd92f6287264d51139a12c59f68c3 7fdcdc9bbf1dbd3343c9f0e2706b84c580189e0f42005b0cc53ebee3cd885c87 4d5be389a9743f18c109994086148154257ff7827b16ddd87752853887eb73f7 5a434c49cb043580e18b6ca33a01e61e9e65c1fdc26aa89ccc0c8923400a23b6 960eef6b284f5f03c8e358419ab7e9694ae0aefd5a923d9a6202a0764361c84c 2c35d36fbef41f51fce55dbe751bd3a2307e70c0ae055f58eb20271cdb5036fa c06fc98500bfc6a56de88812254930a7e1466f00179750d19f66398ea0ba64d5 b8c1bb5014dde0701b424b0e16770f1f14a0806f353ac5aece75b49ca51eafd0 9701f4f2068929dea4185c6c9c9be9f509eac6f53ee15e584f47974a0b96fe14 
3c5a6986d9cd1f4bc13a50d2bacaeeb71f2d827bd08b7f0b9ac870ec468719de adc09c295222b90c4eb25a3badfa88976b5d9313a35e4023e8ea146ab4369f1c bb77ff371efba8dbbd55072487171eafa446be95f970683c67de7d19b07c3c0b a8669e9cfbb19572be0eba1a6f59d24a3155b01f6546ddded4c69898d6ae600c af0af11fbb7a9b77927a2da1da65f1016b455e517fcbd223d42bea56bc6da442 08f7c373abfa4dc80b015c518834a2f441544a75ae5091f7585bedd31c0e31e2 58a3305e60e836d22e5b0bb68850b92d6077e74c30b0152625052b0680b95c88 ab59fbbf1752f23332541f4470160f63fac267fafd501f1fd9a249f86467eccd d701d7d7db2536cc21ca3710872e9d86cba52d409eb4f88ae22b6c75ea924ecd 2691c4a41aad316f6fbfa2224f639edd890e38ebd0593fc1b8a9c2f7bfc4782d 20866850568dd3d2d4ff5d856cd258628cd037f8abb2cffc4d8ab77aa8afde1a 72a2ae423d8c804cbaba16510b11fc00268ae98ff9b89f2839d9fd0043b3028d 4a923f5859ac948959e116870857e2cd7972167acdedef65fc7ecd373d4892a4 a81f2938aee35ef632759531af1cbc2f9e744e3155e0fbf9537509ad17fca273 8ed1dde2831d3cc57194785d805cbfc7c20dcf3feaf5f171be7b507daa8433f5 5556dedde7d7dc3b27850c53031c2b9f918d6ff410840665f54db122042475a7 20a8f15ef6186413536aad11334983eb0b5036f6f89ece87b2a5d5896b229959 0d4e4ccf74a156bf4102a9b683b430b010a746a7cb1399fec8f69da59ad11b0a fd353ce31912ea745bf0b47144171a5700b128664711adfdd007577cf087e546 48cfe53b964beb5ba3f94fa557b3646fb002ff9c22a6b8456d31f143ec6bf376 a163a205c9d2f6ab9b1231d509e88c852ad53fdd78ef0cd80664bf2b43dd4772 b7d657a61556fdf6f964a600d7cd918cfb24ec33f3a67ae5a6587fc10dcb26d9 4919847f6e5f4ba757ab6b55f3599e8369f785b0c63b091b6e3051e0316acbfd 576839e1a2f2eafe7032d9d5363a2040de9c3daa4ed3f777568bc4986e76fe52 1d94a265bb89f2f1155e2066c4585455f31dd0607772e930f04e9204e6889db6 20d6d009cee8bb1f4c8fe280a03d181a21d40b80cf0f08c4309240035c955e39 4d7d445f825db745c750e397dfbd3ff556697f1491a8c8102b0941f901857e07 1a13ebe7147dd568d37ad11663af8ea86c8e706c7e1119eaf7f5bcf7915d8ba1 90428d61c592805fecd4dc0188e144591120c84e3fb89bd012116034a77d5340 7f403c32de153a769d54a7144dc94c03e6b32aa8549d34e727649cbf0646db08 
c0be7a344a863894890127e61851838037bd9d076423bfc8296cfd6e01d66f6b 5c56da74208db017c583e9b002b348a2e56dad3316eb08860b126a10e5967dff 20bef119489f0e10041056dd738f8ff65db07f5b55fa0ecf9bc917bc7705e7c7 b64ca63aa4083316896ba5ee578788843859fc81953d629c81a8a5f39b0cf9d9 5481e9586cd65b71cace4a3d25af4eb5e77f431066ff72e01b772a67635032c4 3f3132b1fd2148c34b83c49946fe472b7d81696665fd9c8008150a3053857261 61d5ae02ad56f91cecbbb2850b3e32bb8f05195633f1ae78376dd76a832998e1 590766c37733bb55dba7ca9eb2c8d186bd18b2c8e6cff1bd49cdc6652f884162 1410447de4851cfca8e9d1aafbe0fd2cc3d06d2201929b683417e7cc2269b084 6d7ea30f0b4a32dd8a6d26d3ff062317253bf0966c02be782b5b73e7b1149e5b 4b18da73cd54b742d727f1b3b70fc64942de916ce0ea7d4139d22f4625de4645 d942c0a0b558d228e64ec19da22d0acf4cc2a0cf0d8771ef5752d311df6474b5 2e9532ca86fbaa19de9b8e529ed10adf791064fcc56f9b1d86e907c4bd9b1a77 1a05660630ee0995f558cd0419117e4bc736cf954f5b703ebb3e986f9cf762fb a8ce807548d49e2cfe83c04fe00521289426bac3579a8400fbde6fa6a3da6f22 c9a75996d09b9f1365e665bc42640f03f2c506964a4abcbeac95a07a97d666a7 f106307a90b03b3b91721c9bf8f763ee3022c3a318d0df611c49450433f7fb1f 5e0c529a5ded9802307428d4c18b84ad36f674e36e050dd515d554af981010e7 9604293e5c87e7f97b778699e129f19e6f19c9b8a4f307329c6ce1fa31436e65 7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f cf3617f3a3ce58489034e48f9cd52d8e869089ef7d27cb171c7a84587ef24894 133b13790a6150d75cb797b9d02f7986803c2fcd2c66135066a9d98a3b59f0b3 cc6ebc65ece218c4d9ffbc72df1f96311f9e24b3af307491f33f3c72252b4730 90457f123fcca3b43ec0ab962e2c186074d37776304d3996c3be1af6912a701c d14f36b198b9d1fea5b09a0794d56d2959c6dfe2fc6b0830075f044fbb4f72aa 28e489769672c34430d942d0829517470b396fa16661e1c1029db6b677a96fad 6d5aa16e97689af6d6464aee85edd7160a929a2f0c351b43104eacd0adf1c042 2fb0af0e0f164251f3c4a3cf24537ea4060dd897a497de68717edf018beaff47 69c21aa33067e98e331dfef3e7b36d338abb09e3395c177850a68ee4401b939d 0cb93487639cd60e5f88642514c91dae11f3fd2635e4fdd2c01ab17cd1785c2c 
df5baaf7361227dce7d44aa9cb7ccf72a12ea057b404a79550919ec352ab84d3 fef17c9f848a3d291aa2070105bbbc143bb48ffd4c1fdfac24b1eea39782c0de ae87afb90767f3a8fc43c0e2bb569be0056222a1f9632c350154bce16e44c11c 8d45c03081c64663abe1f83220e5efeca5661fe6f9ab564a74f3ec7e01aead7f f21e9ca8169b6ce332afccbbd8bee5cec9b0081f65f6788406c6f45c03e6a968 a2de7686de9ffffdde12a4f13b467bd1899a4860353db0b36ddb6ef1c029ff7c bf00fe376b2daed5c7b648bde4bf013c1a6840be2b054ff4a7d3248543690a07 1d26329a19713971dd82b2a3e5e3deb38df996095365e09d68ec71596ec4a1dc 3be8a8db322b71e851ae241b124c4dfbdd76324b90b5c095a80bd310c65cc1a7 550e925fc282785456ddedf5d71030191f05d2351c6bc156df9df4753878e90d f2e68e0d707fd7c7430c3fd4175ea2bc5a6a7b178885b57800459ff8af0abe5c a9ad1e7b242cf084c621f046e9d2ecb0251afeceb39adbfb6dfd96057d0368bd 95a2bb0edbb1bf20d3a561f2df135e568353eae813ce6c1eed909d04900d416f cf2782ea0689ee6ad255a660f7f4ea13f487d6488c6b54c175d7cdb716826a2f 222a7bc35cc02800086c6cd9ed36fff7e90672ea2c0d1593b5e4728b2424e9a7 8ca39c796aef656f65fa0b87ce6fc3cd3ace91585b3459f0d2443b3ae6ea16fa 528054a1dc69ce3038086b05c61ea7e4117057f5f21121ae1358ef0c1ce7b45e 68a48964f3f010ebee03d061919bb25ac8b39cdabaa0e8f854306e7a607a60f4 dc1f3d6668938040fceb3b959440f50668c7afb4770df534131133a9c2d8252c 24de8cd24631271add833dc11b601d46f2de5f4e5d7380fcaaff0aa28d544756 358b06f3e46f54c4c87d6fa5fad3876a6e42c3f2b875fa5cc58f0fa1af8ff84a 9065cac7e0a4b70534c12165e2f2d5c6df3e60625addd6a372b539f3efaa49cf e32669c449629bc13ddbfc0b64cd6eec781253217c5db0feea7ccede5ab28dfc bb64b57454f11dc0ea90eb5734b74ec5701a2d079080d4251a041050a5b47167 88150367aa119b5392050799a6e9d2aa135d37a0b26d7055adac03c1e1b9b2ad db3e29051639b1b843821283c2c361044f5e8f169e0390839fdaff10ee8f9114 cf301ae1dd3d8fdce27f624ac102a44349f2b9f24b25731db4406dadb103e884 7f4a849f041fc0c4b8fb8dc789ac3dd72d8de922515360326c890b96a099b57d cc1944c6e3d3ab0dcfe4e9323b1c6906ec699be7aabae9b34791c0286b39b663 237f2e44426612eb410b1656547ca36ba608f653911c18d3bdd5377774007053 
05f0e608c8bd180c20465edbf2ce63900298d79f178e474774b9b205f23a255d 53e2b6a7f41c6479a40ee20a0048b0e0f851b85c051a38972efb06cf065430e5 928dca2a8beb02fc52cc5e82bf47d7cc7c14f394ecd4d976b75a9d9a24131bb5 9c790e52f85186e54147c1bc6dd5aa324107979d88f482b26514dcb3a280dd68 10884471bd86e199f38dd97ea1c207bfedf5cc0ce5e7ebadb5a78b52a0776bc4 77b33050c0b300f64858371f2fdb46e56c721cceecaacc40b0b5d16b0846be18 1832274845811b18784a09623839bab7a7efb1fd78fc882937caa7e3cb6046b6 7c70e55ab01df14bec956cc869223f3ce231fb3828c2ac08996c4a9953ef02f4 c68e9f3d0ff98f04b8c1e9ffd0c3a67781bf4b2984e8d17231822883e0f36df5 e411e9caad9f33646d3a4736da6420ef814a615fe8e5e6643b3e0a873e2c5209 03d8af28ecdfe2fc392f2d0e9260706debec2e72fa7ef5e9bd492768325c2ea7 0d36a4a97dcf7962f0670d09fc2b15c5dea7eb2d0fcd3ee00275fc8896d018e4 8215ca9e02357b4a0019f8813a658a26adbbce59ae3bafb963bfbe0cec81db57 9e73b9588d3b21bd8ed27ecb57c6381c63b4a6d55b9ea5a668ee21b85d35cbd3 318cba67eaf945c667019f2d3d5a88f4850d27aa153e8718668c60debb54a2b4 53d7a3530e71c5c0d5a1e8fd9456ee6a49e39dbbed6b19044a6b15855b8c0b3c a0ce718c6ffa64758bd705863fa40374d57504f8e327d7dad45b7fe0992fc25f 4e903131653f2203f82e82ee3df903360ad59b1d574e7a6dfee6f5cd63b26a35 5d415f30075b6d3c3f65205e049ff1fe89115bda7e36ea162b85b10d3e08aefd 8233bbc061c7bec9a7fac1b87922847f9a2ace0f950a7f6cd404c76addfc65db 0c2d88e35e35ad495009f2dd2e0f467211297bfb4306eea06cb8d78decffcb75 4b918308a9548fef214a00d9d332378a92132d9247d3a2f0e9230ec59137f4eb 2fe57b9024edd2c1c5c35dd1f03f88d45c194dd00bc7be12ae7d82a2a18a2e4f b90c45b593caa67d5c686b4c0ae43364be4fedcaf801c57cd08b39c8f66bc1ab 7118f44277e560fb597c02d33d0fe4eb1ff69204b49da88e526c5f1e63bd0adc 3e814b46804787fc22a09b5915ebffa456317b7425df9eaaaea727fab2e85b01 c83263d852ec6c0c891bd2a281e45aaed3332dfd33d289eb78a55ec6f464337a 29be0cae71c8a88a49726327c7a04eec03eb96becc5bbbed4d0e07b80637d0df 180bb3a0e1af1f22fdb59d1fd565e80777d761e1c08adab92e9010e789c2be69 cc7fed7020ba9aab671fa3278d4ad530d5046d69fe056d638691432f5936cd2e 
9fbb168a5cd5922e85ef5c8ee8e895f1a666991be6585a440c11bcadd84c93fe 8baa06d7d12f114b97e7fa41cedacbc6ea43b8ba506eec76328eee1c56c8f9d0 6157fb7d72639cd60ea8c162222b58bcfca772182e1c8ca5fcba07ab8cb14e32 3344c73616af23482450024453d7f88fd11e1cb2e7f1972b5ac406f4532068ce 9f9c723f70673656a68ba5f47778757d7a27bfe6f21bc78005107e19e737ab5e 202377640777e1416e1c6082eb4a2a885c14a70cfb26556eb881de173a3174f7 ca8a48fb04c2af0d2ff09b880fa81a518b6caae6abf7b0e91eb402899687f8fd 06ec5432328675ec67fe6b4ec9876ad4b21c7e3ec6464cc5d413812d65e3a64a e65f6131d5e50cc106a826249cb157dd5d984f219a7f68ecbb0d19e1f29dafdc 694d2a24f641ab5379049d579f8d382904bc400c7915e44aa8c0cb95b0957d1c c577b542762b3c4f3d981eb2e0839fa2d7e7cdd52916390d77a334d40737678d 5e1f857866d58145c5a5791067214ab371c73849737497686c510f534c629557 59c232ac9a7c1893fe374c4833fa8b5962576fc4ef31e663c0782ab1cfcb4220 95e71beb42bf1c7c0ef0f08b57c9ace1b58c07661eebaf41e9b5607f9129afd0 8f759b877c2adfcb5a18dd58b755a1c0899e00d4d3296aa382138dec89749ba3 33f6cce599557993969af2ae7c1076a45866811ff8fab866ebdef69da7ce2c3e 3ef2ac6a6fd915f211f2c40a44c3065ce81720362fd00bdbc3bb47e003a3fba8 2ccab21121df27e4297f3d669f2b21267f1f3211e8fe09cf665024001ec53b75 60ddb0c3201897bcd98e9cf3aa8eca8851274ab77caec001c974d8864288e1be 388c4d430259d15ce9d9fe6e8abb79351538d6e1f2d4327d8c6497c7c486645a 2d14147c131afd39db6f868a0bf7d5ab5697b5eae497af5170c31d83287a855d 454991dd0268cfb691d38e28199dd7bbf47cba78d8d39b40cfc481b81db0ff07 35b8f943c86d3c6abc48613e94b80d8c7fdd7a61bcca1e876ba54e3436ca1fa9 a8187a33f878d4e526ad8284e6209e4f25d89ced88ca7a2efc7ef7fd6c3e7cee c399978c5882e926f83d44095687ff604d34ba588b217cfffe38a9e5b9765b91 bc90bd9af3a38846f1f167db751f16b3a26a90bd6de2a20c48a75bb3b23b0547 236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3 017a1596c87a3ab76161666f34113ab8b16d1e5da7d535c705949d3a6b36398d 7d2022518de508a988bbf7495cdb27d4af9666c4f93d5bdf9aff979622255f68 1ebebe4cf789d000f700d89be46dbbfc2b1edca283dc4e2e46eeb0a6d1133144 
e04031a7c2095b795162df0926bb9e4ec3685bbb817861102262b932e70ea0cd 9ee4a88c8e0594299d9d019dc0db5bfabb54fbad97aaff066fa866b1bb894f91 891e34f023cec5106828ebd13f76bbe5eb03c142da9c8ee14484403ae5fe2a07 7e78819f722261855ee6893500b68d2aa84e975b00cdce68c34bca821f8cad47 2b1bd9877ffb6f1422d2053e95b9acfeadae1ff4033553ce164d4150b31d04fc bc1ea7fa981b02acfce1d92555d5e4d52f61be7b1b11c95a83d6555ac50aac9b e647717985bf0a1c6b3e2464d4f95d2efe3b77801c43246bde45eae908b940b8 9ae1fb3abafca43545340aca63a736c4d0fab1fd8d4fbbd9f212f4e228220077 6262fdf0c20cde4333154d22fafccedb99856c1ab2dd0964c7dbf8892197d68e d33e6b41a890d73d656e2bdd0663a9d28c75226796a069b861f63afe790d4ee2 12fd18ddc4b6e27d6f0a4db4d473d0f014daf76486ce2809be21e9507c62a316 5d9d8c129d9464885a9076159cb413d2d7c928ea0e2fe3a7b3acde77d29978fc 1760c643d8d0066f40e68659966d8e19e864299426605be40700a599be66adad 554c9b195c6a702569600de1148e3e5461fc92c75b45aed98e7d70218eb02df5 68ba25079b1394986f7208d6dabc272ae35d6578b9525d7470fe9560159ff943 dc72db959e60d3826e00fe1cf2ec668cb63871c230879e99eed66d6dbc553b52 93cfce739ea094b074d5e4fe11193ea8ed49946c83ddff480cdf5660a75eb689 124883126fb29d731189e33ce768577d2de4f70f34df60811a2d1925a4790170 3f842bd4ef9728e19a5f16177ecd9b351f9f55105cff731c86ec99693e67fd8e b772ce40f992b0948e3c858b03d132377e62fb95568a7e100f56fbe64739b55b 4d29729cbcff4cfa719e6fec77c13da0de3f1188cd581e969b65acea30484a07 933c748e8708d6b463b04b1d9abaecfd32f514a364ba9e216f82940a5e813a70 ccb6f32b36f8d3dfd9ad6112ee763308d5e8cb6c0ee275ed5c329d07acfa88ec 1d911f1eb16af290edad1219a45875f30693d6a36af322934cc597f0073f6457 81f35dcd965dff4faaaa775075d80da22a5fdaaa4ff5d40188cd5341be6c778f 9655a5a20c18928a2d883b1bec10e1d443ec9a152efd4ecf008b88f886b967d4 1d278653e0cbe848bf17fe3f778cfa38e9a79a507a231b1ef76dd62fb69ac5f5 3fe4e7a0a80e574fcde544d9c8074b0cdd90b08f6451f566e61ac70cfe201fc5 9675bd6f09ee4488c0e0d90851d4c5ace8cd4cc7de084d3741028400808530b2 7d7f1860850f539a5fdf2374f8c1b0cdb77500892f5d0f7e4a39c629b7d4c16d 
75430d49c67c6b69ac562d1a7455e38e32755a85919a9dbdbf4882d4dad70f96 86f217a88e15aba7dfb24193e4d86648c8e2da19336b38fa8502f47d724b2cd4 3773a767edad25f74163507049902b7b0a8e3a8c57b052bab00256d05aeae306 79dba6c641b4be28a7888f625e1c1faa849893c682256a8406026d22e9b2c8d3 8b12eef74fb877629679504b030117f4fedeb38d645e578bc8382441fe96572c 393cd0a96ed1dd5f44d004affb65e95406ed4af63e23ccd0203bb017888351fe 02d30c0c6aec1869906a97039b604a8d885e55a58c30bc6b70a833a4bcfe8662 26c7eabb7226dbeffc544d040e0d83c311c2b40dbd64044994686b37dc2a45e3 5c904dba6263766e9f388a26b383f165c10b4d06b12ae0846fa18a6a303ad03e 0e0120604f328252fbcd85d39747cff98a10b31bad25f97bcd69b3ba6aa213fd 39641f1c43c6eed90d045a9d660baea68ac990c4c3522662a0d36b225c6da3d5 01edb51ae3d6d79dd1b57a3a2cf84ad082f2a12cad2877c60e7dbe96ff251b22 01f8fad499ebd1017200eb5673d21e82bbcdfb0c382f49929a62c14c796a5225 23b091fc7652eb5680b2fa4373a36e8a640ddb6e555c33af29f2842e10912581 5abc656d62b39862f29c82a27b788d46d8144dae3c5a8e4b87a3caa72f76384d 5896d527fecbe9b1068b5e6804769afb6208e771fb9870d6357d60f56855d3d1 ea29b59d8a7e9328c8d4fb105a42fd9cd57fc067dd079876e6028a308fd5c342 5976f122d6529e5ae60eec259a850fcf56e6c8820954e2579893aef5ae3352b7 b26ded71cf8b913756047e1dc0719bc5e2c37905ae5819005b29f13099e6efed b132ea55ec4bc8cbfe95f72691d4ab3c49fb6b49603961ade03e9eb276cc9794 8d024914617c100051c788a950b3f5aedfe18152cd705f53eb6b53f6718be2b0 426020715f5ad14545ba39bc32577394acee42706c24a9c8e79347af2fd407d2 2e06d0ebc006b7abb206a5e3ecb56cb3162404656eaaafe95c2b95bec7669669 101c285300edf78e1a4222032c0295908257c28c868aba6f019358e14ca2fa12 35762d897761aa383e755eced4845e8a2effd33947843ecb2ccbde4aa17253cb d406fbc2107aaf9d7803865be129f490247f79efcd3de32e6f60a65923f4d5ba 9613f2048b7c2609e03830d5f32c5395fc2181d5e96ca80fd76826488fd00f7c 8d8bc961be5ce00d10d7b4840d72885701cc20bfe08cda04c66f74d1a7706e67 a9932f82d9992e82f4dd46434c84834677a5d83d56c8339449cf12d5281f0fd9 535885cccbbc206bc77bec26a8cf2cc70dc2fc005b0daa46b347083931894b45 
ad9d39e35f76538955913d9ca5cae6351b6a59f90396fec211c6ffbc2745a33f c4ae92b70d858b90547ecb897469e75fb264645bd1369a68520512cdfabbfd76 4f1d180079b3c120650b23011e9cfb43e9d3f5f5f67fb48432f26836db3de9ac 3c57c336abbe953ab379eebc319482f933373ede8f30ed8e0215f38393873ce1 9a51eeddcba8cabab631b00ac3f324dd4e1c0b330e06ce6a79c724feb5118bb5 c42596870b532f86a28660158f5ea35a79c8edd09ee34677c7f95d36c04b08d3 8ffff484598e90767e96e7fcdfca37c82d1808bb5ea30d281ce8784ee164eb55 5087c7445e36ebb0a746a6961c39dd78d1d4ed8d2895e25abaae05413c3be8ea 3c1ffaf975a7aa8380f6fc111ba26476eed90008946d5de788cd50ec7a6b66aa 40036495b493e07d34b22e6833b063d5edb882f8f61c635b1c6064334d0d76f3 47851153e1efd092eafbfaae15b18f20bb8cd699cf1062ed7c11e43c4181a78c 437185de0cd49a605245b494aa8a6305375b5f067a2d50fe2a80198271b67e7a b3debb87cda70761f234387c0bde1dcbc2f97d1da454ccdd3fcfd78626bbcb58 bababe21a23c67430c69484ec92c24710f561c20c3e8bc7a75a7cc6d9478a659 3826ea17aad6bc70c25325cbc5084933add96972498d4a17d780ad5d33b0e165 3e09126bb9245f524be55e3ca1ac11e26b8ecb26f455fe8d6fef90d78b35e259 c1baa34573b5b257f50e4998bd4eae72c8359ea93971af6be31f7456236165b5 85cb89dc3eb35b4088013d404979718ef2767cabcfce5269335126c89e80edd5 c5c86b23cc0352cfee11e7062523d22557619a2b45f2f8ff9da0ba96c89934b1 5a78cbd3d93d3c418b081baf415f9fe087c1b4d8a9a7aadb610fa7f3cb16ecc2 d87b37d5346312ccf3b629d2911c8c4802fffa4ad20bfb001ae85cff1186320d e9a94221d0cd8c2716ef8d6157f587b2fe6d09e128885bc54015663cc39c0edb a193b194595166df6fca3c960514d9e269de66d671119736f7a3336342fd5297 5fe50cc188551b4cb9fbfc89d7e3a3b66d5c3ab188003f602d8661f43e29b90f 0233b7eac732b159543513b9d148ddd5dcc54548be2867bf050fa3ff5f605064 743b1b48a92948d3a9e3f813d97f028f270d5bb5c7e1a535ec54fc3fa954014b 8a2a17170695e4e86965805df82c692804d1ed4335f504411fecc4101a109092 c9f177cb1800ef6ccc4b40cc9bc3de00745cd6b2b20ae49b6ce046d83b9e2b0f 22d47a69e5a223b6afb8eec6b893c780048cc0c4ce950a306ba8fe54caa1b0f7 36f6591c97f2ee32237077895f909f4c334a6ec164f460f2055fc870066245e2 
0a0faa8e09269ec70fa16a3e2d27af5649b0e819525bd390e4d44fe9a604666c 03ccdc44982eb7cc3b64951c8ae287c5f79ee4edb8d61b0b084eeca84011264e 76de637a182f73a2f5d07dcbec95eba0b36bde8e0368281f0a8884aef390418b 9a2fe26b7cd6e7bbcb176e2c91893e2061ae9c094a225ed979cfe04c487b8f52 767a72c288c1c59ad66cfde80ee8a9f87c1e19c7366742d92930ec3b8e9dbf30 f3941074c899374b4b8c538d2fd93bcf7351686c3178e083271a8df919b611ae 7e4dfa13677374119405398ca669bf86e6c34449e7bd5396579c9460cef800e4 2df9b94ab21d882f6c9caffcf03dfd910786fcf62ec2dd161a1fe435c0d7a9a4 2512ec4c9e7b9fa27df463b70c22867ea87896a68d24854a8f10fc4da1a6bd1b 7ed0eacdb5e1cf0797178e509d167d9c1215a1c1ebd6725cdb70b51d64aa0d43 c124f107d52fb1a85d1b5ccf3e6a4212a531f3dd4b2edccbcd04fcc83a0b9183 8fc4dd78f6a1414aeb523bea862a08acedb942e16cb43e823d4196f6a3745a11 5a00ec85e0de347e52e9431543e7e19218994498fa561f07928f15b906afebc3 d48a02d1d7ada67611a777be64dbbaacd57924f9ff0a8eaad1972547f9569256 b65c03b9325bbf1118ad00b4bb42d2db0570a89c865fdeb6217e76b4d3bd233a 16866b1e5201d4d3a8a63100fe7fd6d74fa36b5648b3bcd4e12267f8827f597f 8c4b8684f7fbef3e4cab7a47039f8c972af5b73c01f39bf9f4adeb0d5653ad8e 59545ef5eb03e6eb4b43a9d329d8d43617dd8b146c59203895148bd1b233deee 25b03b6520ebb0d532111143b88a4271ba0cdb3beb485b2980d7dc5d92b39fa8 a6f4774156de36bc935597ef020c65f2d6e24cd48be08b6e7f98b19555ee3b4f 2cf222d489e7a9a44ec6dfa5e928e3a6b58226c31a7fe9d9230384446f955607 b5e99027aa834d9ca2380f2f3d95be48a3a22781c022f61f5a346972bb509aef 5096df319af5515306f8a2c4ecc8dec38448c2c6fd6facf23627c351667eaec2 e10cb9994f890c8bd6f49d2e07d0a4e7284ff083849aa000c903c0f8aebe2654 9fd050b81dc2c947a7dc91be54232a34dab8149c4f59269f4164b42af73747e0 8ce91d16ec31d8bc1672cb396ff8311008e127f5ee3c3f7978c599daae67f93e 77eb4a110d4a18546bb537af46d5dd3d73036a0b90d5d0b63f30c164550596f1 ceac9a8c206ac4cebbfd3b5efd67b3b92ea13239d910bd65429db87cf65a5440 bc5e01e8165907b958dfab9853b533b7c0e8a1f6baa1db56dc6a7a3ae2150e78 2afc4a24f024b8698642ce8d75aedff9fee94d9ec4e8aa444997d2833bb60da9 
43e96f8797d4711ca8270d0e41d1920aa4bd5f465b29825e39de60f43ad6b39e 9a989717d12a3027343c842b2d72c023da7099d97639cfbd39041c1dfd0308a0 19ce03444ec992ba7a4e288b7e5e006523454f2c11c4fb87110606a26df06bdf 0dd9d3e39ad88f5bd2a47749878dbdeee30e9e16f6a9476edd0677c284cbb7c2 a747ab0ad442e17582607bdb5850644a17b7a058de6b9e5a2205a6a6569ff8db d45e0b77ce387170298c6adff9097cfdb68ed5a38529cecf5a51b6b642ccba36 6abb95578c8f3341ea170e2184e56235644889281700a841e61d65fe45b80519 dbfc34f278a4e41267214e1fdcbbd28ec63d4054f546e01e5832cec3d334d135 1882a8ee3959789ccd6710cef5fde654d5d95d8fdc13de9b5eea485b5e06dfd1 14905373243166ea424db6c3b4923c1882fa92d637713fc8c681cb9ef5c36c6c 7316d366eec3da9f0757bceeacccbb4c8595bf08288bfa9db6b8ae2228899df4 733c43ff38b7c341f2a0f064ef3f0bc4200a33c9533b9fc558a4fe35cd39d3eb 8d1c9039f23e3a53e848567cefebcf8009f5218984c9c741aff363bfce102476 6334f6cd2af17fec522fe6443f05acecd002e5f52c86e516aa5b54fcfcebd170 b16f45eecf032b997d3ffb7354b8c4f546f6dd792b6083ccc5fd1faadc8c284a c43f61289cf097bdbbc4b264d6356817652cc0407b38545847f4250e8cf6d99d 68d003ae15085663b50f6fccd4df7cad70798bcc61b5f30ef670c2fbbb4084dc 29730548ef5cbd722c86f4cfcabb29173d38a7c538befc281cab8f96154b4655 5b0842bc78915d712da423587af2b2b17bc21c6ac6713d3b4c2b61daeb167165 7b605f40a203a30ba6bced92b1b731601470f92a64c7cf92f078376661ac43a4 1ab0d7ae73c5f0696f786efb93e8957b78b7c5195573aa0dff770b7e7794f4c3 79ff017c232af6dff43cc336cb17293cd9ab7281e85391d8282daaa670e2d368 8c452e159752e25efbb945f66af6ba563a5b14d1874b33814acb4d11d2e30981 4413aeef55e37168a42461af2b1b0f692b7517606aac072988757cacca2327a7 c7f78db6d8d18bb2bb0663f2736599345be8978ac58fb4532025169ff340e752 d47ef1b5ac5f5bdcdf43919733d7e3935f3c313ac36eacc45f0c875698114a03 56980b78247805c214ba8a5adaff6018b8ad740c2a5b3a5c8d50b0a676d0c8aa 73dfab2cc9307fb34cf75930b930963cc02be23f9e8b87cd87d50e2476cb74d7 3c943b88b07b0d6210dce1746769194d3104bf19a0a581d7a075b19da63cf19f 5a87d463ec341664142d5dfebce4cecdcdd3f8259b51f86d5f797c18d83b8f66 
1e05bc15c50398089c5e2bebd15ddbc5c07e382e181041c575481a4f2a3f2e62 6b7b54a29b8ab08b35d1a0d83b49249741526e4f2153c7192b06ee90c443a9d1 8e65b8b0637a89688524906d9a58b4d6bb275b0f37f4a115745fa428a4a59e9c 74499aa52ed87c6a9a90e990236d7aeab061cfa0f12397689b2d0ee12410932e cbc4cb1056b59d186ebc39de6647946e7b92ec1000872b0e4c9ec604c001ce06 2ea7ba53f55d1abcfb6e7b14c0b36ebc72ff38b4d1ec3603e1cabbcc752e86c0 ced21ce61a3c9150e46ad1f93ac225a5ee6116334d9da5ba443794db8708e156 28abf49b5af3909813357f3044a9c8b42c028e9b77fc82700fcf5a393c0c4839 436a5ff5a22780be7433312a6fd87b5ee1313b98edd7cebaf11a318afb19622d 6dbcf9b55a03cbbfd3009f53e292cc5975ffb1ad136ed00c725356772f09d4b7 0544d6ed305440899e82b793660f3fcee7bf585e3051c182f5550c6b9f8b8f98 38c1eaf41dbf8251bedd53a58636c97372f818ebbe76b97ef427d72539d26be6 38ff98c056b705492c12a757149563a42b12c43208ea92f9c308b2f187becb74 d23bd82ae5878a946625d7a67921962e4e3304cdeda5bc47e402955a76aa8718 7b21ee388157d64dbcc44d263ba6e62d633bdd64458a4452d1b5743636684231 3c2f3f730ba452ff1cfef86d0ccbc09c411fb45eaee7861ba5fc66b880fe1c3a 73d807dcf7103b8dfadd56db747508cbe258081a8a900989285679999bad11cc caf50ae6b130dfccdba999fe9d93dbc3dc75066b499835715ddd42443c8d9786 8fc2784ac119e5bd441218c7e43268977c6a5d63697d43ea9a21a929ac3ab76c dba7b30682401e40fea5a14bc858d934261459a0e274e274f38844a3ea36bd6e c4034813118d49aca0f8be68e264443521289c627ddfd5751bd5728a974bf0d5 bf06b816fe16e915592447c042bbb529cfc6ac382a4fc62010e10f15d3252ef6 180f76da669e8447edca155c3054b7b709885b026fbe5d5965201ffb16500172 dd7a51df679e9cfa4609eda781fcf520dce1805d0da3e8d243140374c3619ed8 54c8cc1327e27d1bdeeec44614e02ee6337ca51b558f954d9f14f47f704d8a96 86cf13cfd08d945dc516114939d559c9450bdd1867d94fa64757f1aff8d86911 bf9ef43f775cf2f049af6d24061ecad790e88a64725974f26f9cccc3b07e18f3 78403bfde2a779dc530d623820d17e6d050c316d7f68dba980b49e7b9d5856cc 0dda4832bfeddd2261634aa12928a5215860c4b090e45af36aa159ea325e6f70 8d0fe069c2619751dbc3310506c28afbe45288e37e4b92b51818e200d03a80b3 
368fac9a24d0b544c9a5442e2666913e261d3cd845a0ef1646b02f206600348b aa4f391dcc0de9fc1c27c93ff94f47e1a5185c046bbadd4d9fe5f868d24793e3 6cdf96b602ec10e4a9a713e471711c4fed02af7d40d435c484d9e55a045e6ba0 88cfe05358c1c44a7cc5ff09b30e0fe58c73e58becc724b04aceb9e4988cf920 28bf19434e6a2fd5cec3632784576d42b3d67135eec47d72db0cda2800b27814 68142e058d6123c0e2e6a623189eb5d7ccfe59dae52dca751db5c5600d31e446 75420d9f3fa29fb6e99c4affbf6adcc03fc2b375034e443db88f4b7c0b622125 b78038b0f8943d5ab243462f7b9d0e99eb1b0eadb1737d8cb65f595e8733e2d3 262f4534a3f41a1d00ccab7cb1ca330a6c39204529e650d95bf168d3be52307d 2ae130e8471de572550f425f261de6369fe5784a7423a3f9488bd3807f4ec581 d60a769c000fd56bf4ad4728adf36afe46073337f4e8deafa2a834c0f8289fd5 709401e49372ea0405b9d1ac37daea5ed499469c245012baa3d77e6b3864cfb3 74c3c9a4e6728191382470d0d70fdc8eeb74e5a2ed941cc34e9f7146a527480c 35b97b759d6ce90ae6d2d3da6131046035020383cf5cea2a5d59510f3fc1d9d7 432a06c4bbe435c375f23e00b7f5d682fb93d31fcd082717e116dad2628eb4f2 bcffc6796f0043c354635b9b961798239b1c8f0c0cae3b910b45dc67a35c397d 85f4715ee748efac042d3dda901d39c539d02b7e592e62a2501547c0a7da0b10 5bfe3a260c9473b51f584505b45e3b4c6e90b412b303f792ed35b8e6920c4b9b 20bf7eb38d34e46099e08eb3394383f1c0ed21686b89d3c0ae74829babdadad0 c11c5e4489f95b42753fb0e1e80020979b61f797255d61c31ce3094918f6c4e6 3cec9b0e4f60895cdad85e8190352662edebe353e4dab4a5f301376b81b5df1a 3a26abded2c4305dd780912d5db949dfcbfdbb41f7908478a97b625d304821aa 28f2f64d13fc0f3ff2f5676da7dfc021b0d860d29ab2fd566574c6bbf9d5e0ce 1191213732f83276ce81fbd85549c6af72b22bba43fd9eb7524ea220a6eccc5f 785bf15195704996029556f7926a27e0a77a579d723e2a8b2e85648d230bd676 eb94ef1c22bd34c0ca2187024eca4aea3cd063c223f3d37889e08813774e5179 409ac4598eb81fc8270e64d97c76e506d79ad88cecdd2ca0c528f17d51082741 c10b0bc20c69fe389891addf684fcc5bff678c1de3da05d8c90f492d3d8df547 8b4518ded714b28dab43e8c4cdc97611e074841d26daf6759a0dc613285eab0c 3365106f1cffa97b4f92c3f5345baf665e586a1cdc40db759ab09781676d1996 
7c23c35d46cec1b80daa31cae3e40784970dd812c32a4c0e043c75a06a0477f5 53d8fb74b81b035f85ac1336ee841988b512682f1e46eb843c33185a3280f7c1 63ce11e3c93db194fbd2bb199f440fb0f262ba519deabc922a3bb4fc66ceadff b69544a8f8136e0292d56c5150a2cef176488cac5c2ba2daa4cb613034098a93 1baa26354e41f811119b4c61a64d156d3c05f7b60f97976110fff40db3e24121 8dc6f38e8dd0746c1295609d7ecd5ddce04fb49549613eaf6603739a514a9e82 0c55fe68032aba40d00f7b41602720a71e265555a61332934f597040fa6dd167 Done Renaming files to sha256
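# Build the malware dataset from the PE files collected under ./data/malware.
# pe2vec is defined outside this cell; it is handed the sample directory and its
# return value is kept as ds_malware (no throwaway empty dict is created first).
#
# Possible follow-up: store a file hash in its own column so each row can be looked
# up on VirusTotal to confirm the malware label when a sample did not come from a
# trusted source. The earlier output reports the files were renamed to sha256, so
# that digest (the file name) can serve as the lookup key. Prefer it over MD5, which
# is not collision-resistant and is therefore a weaker identifier for a sample.
#
# NOTE(review): the run output shows bare "[-]" lines with no path; presumably
# pe2vec skipped files it could not parse -- confirm, and log the file name so
# skipped samples can be accounted for when the dataset is labelled.
ds_malware = pe2vec("./data/malware")

# Banner, full dump of the extracted records, then a completion banner.
print("")
print("[*] Malware PE information:")
print("")
pp.pprint(ds_malware)
print("")
print("[*] Completed Malware PE information extraction:")
print("")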
[*] Extracting the PE file data:
[+] ./data/malware/e4ec5e2d8509a7c60597f08674b6341324befafa910aa5637c473149b0a298cd
[+] ./data/malware/da0a0ab047599de47b204359f9ffe81b307025ff53c233efeac32d4841a2ad60
[+] ./data/malware/638d8b4c817622aa1020c2e89d068d43fe8efaed37339ee2fd5713579c2041eb
[+] ./data/malware/c1b3329113be9495c5d52ac198521196abd95e10b43a0c7090aa192d66b89bab
[+] ./data/malware/e8162f1766459e6ef57b0063938da6cab886743ee5c5669233424855c8098f8f
[+] ./data/malware/7c77aad390fde87d0b8a8a4c3a2d5e2c15d890189003312f75a8a444ad47fa40
[+] ./data/malware/90355b0723ab41d99642fa4bad2ee77ed1cb2a92cb2c1fe45c2f3869727df08c
[+] ./data/malware/b6315a036afd83d623ee31d4f6d9983237f7d7628a9c85faaf3fef76a818ac63
[+] ./data/malware/473bc48119ba2883b34c83d240085957470e473ec6047cea082be3186dd954f6
[+] ./data/malware/084ae81e93031857b6c804af1df2da7c4e055d58caadf727fae67d3530c2bb7f
[+] ./data/malware/3c212affc4e21d5ebd1e4376aca98577cd44f9436e7ec3abbea5f14edb5aab1a
[+] ./data/malware/47fd3cbebe85ff92a7c7939c289361822c45c1c1c0887cbcbf7478b45244b1bc
[+] ./data/malware/2a44cc2b8cd5e04c31b640a2d7e6cfbe27ddfcc614b445268a94d18756678af0
[+] ./data/malware/f307939244103caadc4a73c86667ec6e601fa082b56a734b723fc7edcdb9b4a6
[+] ./data/malware/321fc8782390b7e99a8cc946a299fe8bcb4f0a2569ea2541ae1c8e1b0659a37c
[+] ./data/malware/ec3f778fe07bf5f3fcced76b5445c2757dbcf38c90d486f8280616f54689f655
[+] ./data/malware/2b17b1def146ff2d023c383784bae55ba613124af3df33cbb7dd8eeb1f830f54
[-]
[-]
[+] ./data/malware/365bc4420db612e21f2c0a17ec94d224037fa69e878c3a6880b59060950ff2a3
[+] ./data/malware/f0323b7e2e721504a0c4539cc02dd471fd5615bb0a913aa4bd0c105dffa22dab
[+] ./data/malware/4e5ea8c3edd23c80f3b4bfe53d129529f492f5b3859b4b9835d8dab8f1b37941
[-]
[+] ./data/malware/844e86dbaf12dcb82fc0129e9f7c8e59889f5548120a6f1824c4c2de139c4c23
[+] ./data/malware/5d0f268e678a5c5cdb08e1c78907d667f4a4ea039cbbd0b4c58789f4f197b737
[-]
[-]
[+] ./data/malware/f1c8f2a783fc891800db4054c1096b77f3908a7db2cdf255d36a6731d96a09de
[+] ./data/malware/f278cb2e5c34a75a2f5e57ffb4c8a9a52bc8abad537a61f481730be0c0b13d40
[-]
[+] ./data/malware/a39ef11b53db39a1c4e81071a0676688706f17ca3667a98c065560a4612e804a
[+] ./data/malware/cbc8c15a7c0237d403ef0b4caa6f3e7c8df61a8bdc34b03c155055cb267768ec
[-]
[-]
[+] ./data/malware/3603f67a6606e7fc32c06519e2afeed15289bd160cfd48d37487bc5f8aaf513c
[+] ./data/malware/32cf4fe1bf38926e63376417b3f8ce2d2c591fd3539839892708b11807ebac23
[+] ./data/malware/1af7a96895ba3064b40323b07f79fe279c9db72a71ea43b321e480f03073b01d
[+] ./data/malware/22cde70dee00d2f5071739d89658114e0cadf7f7fbf742e7b60931625f88df78
[+] ./data/malware/00a02d154e7389d3a5fe572e9800f1628e74b8aabe4270f3282a8c0ab0951ff9
[+] ./data/malware/cab869f98ba3fe1948d2b48fa76fa4767fa7f31e28f3be2b34572ab0c63f942a
[+] ./data/malware/48b2050373ad48fa2848943c04e8b60c2fc5ad9c3f4c7bfd46b8c0ca09269312
[+] ./data/malware/2631aafa045b1953c09502c92f520acecfd0b17a6f059a2e7f10ce77dd3c632e
[+] ./data/malware/72a1639c4d0c53e0d73610a6af4277ce6cfa751aefa5eb1b6a121f090d599721
[+] ./data/malware/c4f1d59feb1a131b6fd99fb352ebd8f039a33524703bc5ecb68b1521f5b32097
[-]
[+] ./data/malware/652cac5fedbc07221da48a735868fb33b55e11496c2d31816c99b1d8a8d86a39
[+] ./data/malware/40377c131bbeeddc46eb0f025f77b4693be80aa271cb0978a392f5b31532ed6c
[+] ./data/malware/67085c902c65567e81845fa9d162bff568bdcd59df67bfe1dd90dd6bf8ea0ba5
[+] ./data/malware/46f0980e21c9995bd5357a4ca872c3d3ee965d3942d99c982270b85f382b3905
[+] ./data/malware/0ed3b1449a469849f451de56d6ff1d23f27adffdafb5698c3bcb4c3e6ddc2594
[+] ./data/malware/e9b355846580911b7cc8507f1c698fb0811eb0b6d0ea61f21305e47c375aa8ae
[-]
[+] ./data/malware/6647101d7f42fd62225439f1065f0214acfffb3adb2f152cd4aab4539ad5f10d
[+] ./data/malware/75a2b1e6231ff9b7dcdb8069aabb0f6c84d9db620714f52f24c1be3c409b9e68
[-]
[-]
[+] ./data/malware/8120f39e256c0869fa09e0569430b23a27ce59c37e1d7bd54b17f06ed0292fe7
[+] ./data/malware/a8d16e74db0f5a450c32a2f67394b6456ee1a415ba4a1c4a76735a9d9fb53f74
[+] ./data/malware/00dbc9c0db2020a47a7833740b12141c6c865510f67eb5b88d6d5f0a7a833268
[+] ./data/malware/47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84
[+] ./data/malware/5c1ff70e2603b10fbced58f7af99fee9ec7cbba62979ec3a0857aee7c682a45b
[-]
[-]
[+] ./data/malware/3f65fc632a0189985f0818a04853cb775ee86b280dc9ae2edf56a6d576dde59b
[+] ./data/malware/97b39ac28794a7610ed83ad65e28c605397ea7be878109c35228c126d43e2f46
[+] ./data/malware/0b67d8fc01b7855cb117bd01bf8a66d5f799a72efe225305921356b14790b42d
[+] ./data/malware/46bc4c8119718c81909742d4faf14a9e38cda9925a2943ba36ce94362fa20a2a
[+] ./data/malware/0d2b7269bfa06c7ee80b4da2c522b14799f947e96ca880e4f3d0b35f6cb1ec32
[+] ./data/malware/1f56d5e7a22c2b767b000100d80dacc0f63a7a4a5039c67b015d205c8aa5c0e4
[+] ./data/malware/8d235cf40112e6b419fa1437913bc903f9a90b17a24ec4872ff17f469b1a8589
[+] ./data/malware/4bdf030e2a349281208f8913ebd504a14b7245f5490b6dcec6037dbd0e6a6983
[+] ./data/malware/c53af157120ddec348df431992662028c761b5b398989ee0f98694979d82980c
[+] ./data/malware/7e6a30dd68215546a890b21ef57bad0fb15a6b7ac64e3400c265c0e0f6ffa70b
[-]
[+] ./data/malware/b382d2387250fcf4d3ad86324e48ccf0288ce78d439ed06acbdcade44997f3d2
[+] ./data/malware/6d475b148222e98a20f165c4868e212788247a4f8e0028afaf5f128c4d0aa715
[+] ./data/malware/7116d03a7d857b18fd970c1e3dabfc953188e64269640eb757b3e7fc1e50c4cd
[-]
[+] ./data/malware/7e701144072b13f33270aeed3ea9eeeb2823840bb36286146c73d86df9221d1e
[+] ./data/malware/a46f94a4d86c8f9c97f2b1e283515f27a0bb3c849977aa05007eab525f4cf036
[-]
[-]
[+] ./data/malware/a8b2cd0b25847b92220f60786ebeead8e47df8fdf737d0676a82335445bf7d62
[-]
[-]
[+] ./data/malware/aeaa2be9d0f3793ef20f834c039d57cf9d9fc5f68e5e4cc470d93f954a102bc3
[+] ./data/malware/18f36aac41ad4aaa1a6b2d475ac41720a081c3debf2df2c7f049394770264925
[+] ./data/malware/bfcc7f99c4e6087f216494fe50b5c4169c2ec3126573a81e26154c500a979e5f
[-]
[-]
[+] ./data/malware/34a84a55a2d3eca30055460dd6b44da61373131de769bdd548f9fb6b940433c6
[-]
[-]
[+] ./data/malware/26f6e0023895a06223a91363d56e71f3e23b2ee59809a08d8838b994a1a8c90c
[+] ./data/malware/c3c47f5b2983a580985735b0fa32d966c1925f248bb97ec6638209d2543b4cb3
[+] ./data/malware/4db151037e5548c12cb6faa218e9a6adec7330ae96418bbd15c8d912f544fc73
[-]
[+] ./data/malware/16aa94d26d21f07a7bad5cb9bb027229aed63bd5e746c6ded2366a60204063a6
[-]
[-]
[+] ./data/malware/d002b5d4e52f343bd5ff377ba374e5d3dce7bdf5d2919b134abfbead90386f1a
[+] ./data/malware/0dd9fca04aba0e49801f3c1f1647d40fcfcf48808603855f955c07b390d1e1ad
[+] ./data/malware/8fe59abc18708967e5a5a0c7d331bcfa3898159b2789572dd695953322914d70
[+] ./data/malware/3e0765de464110e8b2ab5b05feb4b0cb9286c09ae61654a224a64d202f6019ba
[+] ./data/malware/00cb557ec3c36d07f27e264dd6bffb6c858a3d9568878db3fded2a0bd0f9fe3b
[-]
[-]
[+] ./data/malware/538d982b1151cb6e367f5c3a27a02c4d8c8ec0c467d7dcd50df5d7b97aaef0db
[+] ./data/malware/13abc28b2269a73c8d621fb88b487b7e83c6ee014816493f0d78281a504ffeb0
[+] ./data/malware/12c7ad0cb4e245b5d51dafb3d6ade6a22681c4a7ab19d919104cab333f956260
[+] ./data/malware/e16314d8ccfeef3c294865925c01babab9d52d4773466a3925aebb7c90041bf0
[+] ./data/malware/8ef3a0b2620fff9b616db2e7e77e3a07137748d9c05cb26d6dd946983b06b849
[-]
[-]
[+] ./data/malware/8db369f1944a2bceff930181fd861603129a94f5b5febbe5fc20df8eb09520fd
[+] ./data/malware/05f2de90c06301502274b4ca2ec279e1012906d522176e416bba667353668f7d
[+] ./data/malware/72259a3704916c9c60a055321313a70e190dd7662beea77c3c63bc1380abc0c3
[+] ./data/malware/2f3a68fff0973a87198307b55c6680503fc8254bcb2d745e27b0d23343ce5f51
[-]
[+] ./data/malware/2a83f8a8d335bfec595b4c4ebf0a96c78889aade87134859a1693ebae8f9e159
[+] ./data/malware/2a1868e906229098e6f5ef10923fe7cacdbb2fa8cb9623e627f752ad3bff6cb0
[+] ./data/malware/cb0103b3fcffdc166321a9ecb304368095c7b5d4e8219ac920cbe1b3e5b89ddf
[+] ./data/malware/bf60b1c50ae9598d289a5b9e2223cbb09c2227552ff83a490491d6d74f840f9d
[+] ./data/malware/78efc5995178177035e59357d306eeea3c6bbc36dedc5a5be980aa57e74dabf0
[+] ./data/malware/604a974c12832f7aae6f2714f01642d80a72e0e11015ea2f77400a165f96c86f
[+] ./data/malware/5b7b07d1a22abe6baa665864312ff2990cfa41e9fc50b71041742a612f11f7c7
[-]
[-]
[+] ./data/malware/ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b
[+] ./data/malware/7b4870390dbbfd1467cb4554ecfc88704b82551f31ba065093199d8d1f16ebd5
[+] ./data/malware/9fc2af1fcfe6f7edbc0580a7fec662c095871ae1bef9faaadf36a1e737939eb2
[+] ./data/malware/a0b4baff4a545b01f9e18d1aa963cea21d29b4fe10657d2457b6b9afdefd9165
[+] ./data/malware/6daccdfab365667009132e7c938a6dceab09dbf11d9df8678cc7dcfe8abc3973
[-]
[+] ./data/malware/4f63eb99dabefb760e61745ebeae4981fc16d91715605a717d3cd94db2db9789
[+] ./data/malware/3dfe8530b3c7425d5363ecb4f90f1b93bba9dd353af33ea72ccf3aaadf736d3a
[-]
[+] ./data/malware/d3b74d0a7cb512a60472d53d09a5ff4b9813d6a76ea8c6f8b926f83469537624
[+] ./data/malware/77293255d2e6c1d3ceaeed6739073a6844b976ff8497924a4695318f0f61f993
[+] ./data/malware/2f6e2e657c9c15fb9828d2a6b473a77327a2f6b0e1e3d0a0975f2a5c7aed2d13
[+] ./data/malware/cc007c0f5f127e8c6340f548888cc7d7aae12c60e2c951e622b192b272ebc413
[+] ./data/malware/06e931e942a7b3eaafbac790e6ac103e7a77eb2faf1b6d3d4127289a90b985cf
[+] ./data/malware/284ee87a6751d1c031bf5305ca4f5025cf8043f3fe71f0712514beda6444e640
[+] ./data/malware/d059c198f98d55898e15b4631e0e5eff55d0f699efc508e377c84e637b75db49
[+] ./data/malware/2debe67a9d687500e6a82b4896301429280435bb5225bd90abae4e7cb85458a5
[+] ./data/malware/aeb9b9b6e3b380aa117c4fa7d9482119b231c629c0ffc1e6eb3c0c5d066e28af
[+] ./data/malware/242335f7306a747874d99734e86f4cbf9b90cd6af0ff6ad4cdc1c6d1716d89a9
[-]
[+] ./data/malware/5f23c5c42fa609d9a42f562f8e64211d59019bfa89ba039c926abaedbc1c2318
[+] ./data/malware/77b438e42357321350d2a7c0b543f15f817991958364d7d3c3688b9aeb28e623
[-]
[-]
[+] ./data/malware/a63b12be457d884f289c74dc54e9e056d2040e0bb921b1cccc888db4c8fd9ed8
[+] ./data/malware/a2dd820f6ec0e2dc19691b35aa3ae72d3a0e499950b6d54b880a141496d5dd8d
[+] ./data/malware/534437dbaf653a5eb9eeb7f50df6a105800ee722527a598cf222eb488a3a7095
[+] ./data/malware/6056ee4e09c4e67e50a113f5aca5abcf5790ed1c36bf9f154f630be4b1f5e84f
[+] ./data/malware/8e777183a21aa9c1238a306550e3656d3825d91cad569a210b3170aba1a12cd1
[+] ./data/malware/aeb53cb28bf5d26c2234c12e1bd4ec85570f8420e94da1a111bc962f2fe608d9
[+] ./data/malware/db65794f7ef7778c60f9a98f5a30e4a820c16d32ab033c3b7751d91e42f9549c
[-]
[-]
[+] ./data/malware/07cb05f72ad3be4f58378a618eef1b957b9a5a57d6fc6e0f15e850aca5d5161b
[+] ./data/malware/15add92599f9e46fbb9083de921f2bb6d6a5850c500c637b72baca52da8b7750
[+] ./data/malware/b9027e7744cc79f86d3a2c734031fdecc84eb99e3c7f8c2e6fcc7022dc8c40b4
[+] ./data/malware/739b028044f47f6bb25d3488bd131bdea62d5dd3111ebf6cb9716c2cd55393be
[-]
[+] ./data/malware/4edcabead7df2e864c6e874e42f7d6c999b2f872ec3a41b06e2b3193045c2117
[+] ./data/malware/1c22680620514ba964277970ef4f2337cba95f2ee888ce2ba7fcc79696ceaf85
[+] ./data/malware/9441032d923e580327c87c44a1258726267a2c556ad5660b058409df0c37234c
[+] ./data/malware/9b53be1f8b1a550ec9a8d99af5e6ce6f3adcbfe6747a6020b2ffb0db005e482a
[-]
[-]
[+] ./data/malware/6bb4f7b217fa108f6d218aa8acf1c7ca741577073009ed5d265003f05fc09fcd
[-]
[-]
[+] ./data/malware/241d986b7b36353853127986de8d4687eec42b9c39bad2824c90ab4f18cc4961
[-]
[+] ./data/malware/efd5f0db92b96994cfe87d71d30234132a5b5bd61dd9eb576f154e5474c41be4
[-]
[+] ./data/malware/ed79e88bd6f0e5a6472b560e95df02e2a806b51791024bd0ef88e41badfd17f1
[+] ./data/malware/5314ff1f49a498544f8d4d3afdbc8e3536a958e7ba75e5dac1b8ccd183b62126
[+] ./data/malware/e0b97c1bb84dd9723ffe2c1d87b01e88e217a535b570d159641bcfa4952333ed
[+] ./data/malware/8fefab350799a00a43005745bffb8f9bae3d1a8bd6d4861b886b930b0f6112a3
[+] ./data/malware/d286e34dff391567cabc6acadc28fb572b180d56b6cd40d43752af4100888340
[+] ./data/malware/54a018f57390ca007adcec44a49e510ab0cf78e4e9698fb9daaa3fc07cfa18f4
[+] ./data/malware/66c6327c3e1c5f001fb61984b80e58fe9c34f243744f3a8752429bad518f8749
[+] ./data/malware/99052b0c9c4b47c853e0ef9c20ab4c8f4cf234d16b350b79f7c91dae506ce34e
[+] ./data/malware/33d9efb38d0fffae6c67c329aecde9696ca915a571b178a5482efd11413fd786
[+] ./data/malware/47a7a5de661e37d6754f0ca1d24e6feb49f5e8b4080b0a40b794d8904a011ad6
[+] ./data/malware/393d6000d170cd5726668b00a0e99430dd390b0ca09da0360d17e6ef2af69228
[+] ./data/malware/7e7192e906c44301c0a0801e0479de5451b27c4de42a41cde2b4df15ed3d71c1
[+] ./data/malware/34f8571f4152d7f493b5339d175932d3b4be713769aa8b870457ea38bdb9a65d
[-]
[-]
[+] ./data/malware/c611bb7eaa165bd6b85540f31dba08ecfa79076ee56187d28b126ace54bebe52
[+] ./data/malware/8a60b820f87182605953df77025ed1b8274a6a7a505243ba9e09feeb359cb536
[-]
[-]
[+] ./data/malware/ca9dbb4128a952aebe242c09120880a5001fc39b703560e3afc3ff5762c9f142
[+] ./data/malware/4aac6b77c7c48d212ba41a231f62792100ef4b05e5087b9c1feb8a71e63f4e5a
[-]
[-]
[+] ./data/malware/2c8f21f584a3803463d2584785b85f483f5c14abd910bae289430ed2c6ce5e36
[-]
[+] ./data/malware/34ec07469a5fbe567932245cef254e362db1ce3a9c97e9cfef298f47bc08642e
[+] ./data/malware/3f25be90c7c84ae837e874dbc5fec5f28f3bb087746bd24e3ba11cc7ea130f2a
[-]
[-]
[+] ./data/malware/8e5e76d065e6339a183c4f15f66e17e79beed735cdebc166eb4f3e5371d780b1
[-]
[-]
[+] ./data/malware/0825c00613ec1a0c879cd5053f862db5a7ce9368ef95913f91ff7eb6280947d3
[+] ./data/malware/47bca70cbc72253dd7d97d83edb7d1456f0e2c2ba4b667f98fe1456c5edf5c07
[-]
[-]
[+] ./data/malware/cb2894f04f790e3f8be68278b6c80ff35f42f88b98137ea8fd3165cd09215ede
[+] ./data/malware/8f6554e78cfb6d1d3898dca8d8f14757784a167fec5438ba3e3227fcff9463b8
[-]
[-]
[+] ./data/malware/7f549769ae36cacca1f331dd0b6123dedf4ba10badfcb798c46d810b2ebd5471
[+] ./data/malware/6b2a17901118712076fc578b12cb46b892d2824f6935297d919af61763ef8608
[-]
[-]
[+] ./data/malware/c3c46fa3a2818518d22391b7ddd7910542da15e2ea5c608f3010e8dd7e6ffa75
[+] ./data/malware/799e53bf46b012ed9bb28e2007bd830333bb70b62134210e5967e5a2416665b6
[-]
[-]
[+] ./data/malware/2b77bcec314435ec275eca22642dbd15685d4c3350d83a4d775fe2a8641d5c45
[-]
[+] ./data/malware/b781bce08d62ee8ca17be3dbb1842012a32532c3e71ab69e22cdef60259a3464
[+] ./data/malware/9b38ba90836003bf5cc67f75769be3991227fe5ef58b367a4a2bf0ea0d1556f3
[+] ./data/malware/c8da1a824306a596d3a0f4e84e1f492a3d7fbde77484a72d485f6deb9de32bbb
[+] ./data/malware/7560e4554d08d0123b38ea06136c212354eb37245bb31fe6d92a2ea12c687169
[+] ./data/malware/14d06b21ab235a0c4259e0002c7cdf653491167da4f02fb4820f0ce8bd067800
[-]
[-]
[+] ./data/malware/5a10a670b1f0f4609411055c234193ace3ee941de8c07efdcbe5717789bb3a48
[+] ./data/malware/513e6f142cd61a2d3abc35735b35ba8681867b794ca9e511b33c6a4fcdb5b5de
[+] ./data/malware/2cf12dfc7d2db4ab5383592293a929a3d73850a5957fcc330ac80320ebb43a8d
[+] ./data/malware/f89e7192d08324b8d1f9669d5ad22cf3e3331c3b8a31d73008378c74c3a1f1c9
[+] ./data/malware/6ef69ff379dd2987fb1b88f2f82623c98a92fe41f71d05f00f96d179d3909ebd
[-]
[-]
[+] ./data/malware/8c5a0e5ebe5061a358b706986a818ef98ee724f1e3d978f3a1d85f4882e28957
[+] ./data/malware/1ff97b0d790e7d34e4f4c4b18154cf90ff82a4d5e66665b893ec3bb3ea8c1bf8
[+] ./data/malware/af6a6786793afcaf681887ddb812cb14562d73d6bd6214ba99bef5ae379e1bbf
[+] ./data/malware/d33171bca09c4f40902144810399f44d3e8b73e2c6c635a020525004ba7ac53e
[+] ./data/malware/a4c65a75662efeb5149fbf7cab8e73ffe6422040ed6d0c8a57f27b2ad3007998
[-]
[-]
[+] ./data/malware/34e7b0ea40b7e09ceaf993a42e3c0c9e68e9841e5eda859d06b0aa141a50647c
[-]
[-]
[+] ./data/malware/805374ff33c185bc2b5191a8c1b4c19fff4f774856dd1b9fff0189ff0bc9a989
[+] ./data/malware/07aaac257f6fdb5c4060722ef297e0c0e06c24861740014f94f4541c7eeb7279
[-]
[-]
[+] ./data/malware/6592df07e6f9c9b818e7c9b45331f5ca79e60ef5977d2b3ab19bac23f585740e
[+] ./data/malware/a5832b8f7a014354a6c570094226500aefc7d3fc804379a3ff79dcd8cc719b45
[+] ./data/malware/9c0f5c51f85733cb4d5b47c467ce9f787f8d6f446a03fd6317445d86a73d1b38
[+] ./data/malware/a295b2ba638cbc488c0bc9faec2bac82b720a525ccee5a9becdca312480ea4c4
[+] ./data/malware/ac5883f82889de7303a2383e323f9055b304b692a457f3aba05e962a127337ab
[+] ./data/malware/c80d55690277777de5bba0a0b52e4d9869f814829e5cf6bad0dd9ee3b9976993
[+] ./data/malware/73a6f060f3e62c8067e29563a1d27f2419d760a4f1a7ffc1579e307f5f4a58f1
[+] ./data/malware/d7d2a2e15082d02b3be99bad6dd5ddf122dca716e204df7e01341b6fa36407ab
[-]
[+] ./data/malware/eed1f52569e1839586f5d70b09ce36873b081b0ce70f47b7bccf16a17edd561c
[+] ./data/malware/bbb7ae83a9922299538e33465a22fdc54ec6c15d6e9f0637c09d24c748848762
[+] ./data/malware/59e6176a2d95519b793531b4ca584e34d7195158fc7bb280e86cbc23d2bfb185
[+] ./data/malware/9abf6f9bd611fc58a61fe989df1a4a20eb670d8b1bc6a300bfbc76d1c5d9d193
[-]
[-]
[+] ./data/malware/5e83d91dcf08a62c9c02dcd5bff3f268f84ac9bd0152a81b653e08c2e56fed8d
[+] ./data/malware/72e6fa2b84dece16c7e0a1ab93e1b551228005380fa1e90591a996592ec6daa5
[+] ./data/malware/5480b04b18624c10222fd5bf67a19e4ec6b606561e477b928e80c7211532c79a
[+] ./data/malware/3f4c9f83b441cec84667f4ba1e937788b32d1d29315ab0e874df73bee2657ce2
[+] ./data/malware/01d9eb3e7c4b0a8ceb4c69924daba0bb4da90b0849665c46e815ae9ddf0c24d2
[+] ./data/malware/ae1c10480e7bc7c94bd038bcb1e33a7ebde7d84261d8317eb00a864726f0a37c
[+] ./data/malware/3dc41de2a9165db7ed462b50e0625c75e903cca91bd8a5ffca86ff4883b3a8ce
[+] ./data/malware/9bd02fa85c6ca4ecb91508e87f476d3acaadce24c0c9c8a0a6e10fd03d71a37a
[+] ./data/malware/54b9b8c9c1fe79d6a279ecdaf4ad8bf21e15e2ba93933bc43821ffb362b81ac5
[-]
[-]
[+] ./data/malware/331f801955c58276a8151065aa3011bc26bd95fcfbdebd26d20b0fe6ce0905e1
[+] ./data/malware/f26a9a6a65bacb457abe25895e5713c7459e8f91add60584be460a8ee4858a62
[+] ./data/malware/ea9142915371fad08d233c021c7d72bd252c30a966b195e3b510c3684cf76585
[-]
[+] ./data/malware/c00a16cd22e54538300ce78ae97c8f5d865de8edec22c02acaab67286b53ca19
[+] ./data/malware/ca5e87fb923947256bfe1fc1b92919a091c6da3ea7a3477871ea7210a01fb9b9
[+] ./data/malware/c1f64acbaf96cb7d78b008fd5358f799d56960c8c393fd0c4d0902a80ae76bdd
[+] ./data/malware/865b2dbe4bfa34663444dd508655860778332f228c52088ecb681538406270f3
[-]
[-]
[+] ./data/malware/b30503fb0eb8ffb6711df39dd5e2c8b305ea8c1d60cc81df51affa2f8e4a0713
[+] ./data/malware/38a08e1f3f72bb4dae5f65e9d968747389ed61bff9e4aac3c74b636d117bb9fa
[+] ./data/malware/1c14ade9d37a71d33dfb45c7d72f9f4b6a6ac3be425d723b4272b5cbe1ac735c
[-]
[-]
[+] ./data/malware/977a6d01cd81c628d89f6f0f7df7689a5eb3519b76fc4257a9dfcc2d96cf2878
[+] ./data/malware/3b38878bec77b98c79bdb1b209084ea27f708a33f2933d945cfe1ba1d8f30673
[+] ./data/malware/1ba4df646c590d5a0595ed0f33e764e79535ccc5335057827214c716cd2a982d
[+] ./data/malware/6dd17eb2564bc0263516ce985a02b345974dd624152ac9f87225f85ac040dc88
[+] ./data/malware/71408dc0a8a68a5e457a25d9f39c967a6ed0488180ff3c63b081decb2e126cd2
[+] ./data/malware/8568f814e03594d9a352607e26caa6b10fd9ab17fc2e529946246917e48f88a1
[+] ./data/malware/73f22d8dea968b0f417f88d7fb4a7be4ce7e5109583b36a6eab798072e6fe832
[-]
[+] ./data/malware/74cdd7e59b3abd27e56d06139287b79ecc92ac6a1dcdc13d34ae65f89860ec95
[+] ./data/malware/cf621637a0ad13ca415ebc77a6e6d90caf6391b9997f0cd0ad09c5e884035b82
[+] ./data/malware/73042ec92014fd226e9254c5cc03dae59b097834f05e70f70b571860420da8a8
[+] ./data/malware/6bd17fc3a63470b20bba539be198ea59d800ced03b8362484fce9291e8c22928
[+] ./data/malware/4a287131352410c1e0c0139a2bfe45989209f7aede866817d89e857ade8a7658
[-]
[+] ./data/malware/4e81aa5a0a2567ff616f7099774d742e22866dd010c3a850290f13124009de78
[+] ./data/malware/32cc654cc4073e9dcaf78cf6aa3a49215b24f51e351f121752e3f7dc118a5b36
[+] ./data/malware/3c8fba7851aa5c9eca70752fcd64fde62f3705257eadb51e7bd0bcb2b1d3491f
[+] ./data/malware/9b88a79837067b2b1495e54df55218df8a6a55c4898b3d37bf56bdc0b9d5bb1d
[+] ./data/malware/cf663f070b61dc087ec5537c55a7d1727e7c4ed6e1dcdf8b20576ccf9de9c3b2
[+] ./data/malware/9d05f358cac118b158f311719670427ff0746133e37f07972db6a2d7f1e5e27f
[+] ./data/malware/623737f068a89cd15b608abdf194a1c666d621d0024750fc9c58492444bc9ef7
[+] ./data/malware/7d000acb7f5a4d390cc1481a44635d5692585a11ed1b6ba752b45ed2e256689b
[+] ./data/malware/3fa426d290f3e54baa17d1b867e5edc9e83d9d7b8aa38247dbad72d8f87e06ec
[+] ./data/malware/6ac80a063b8606daf2e4975983b142e44ce7e9861815a11ad3b2c7cb853d73d3
[+] ./data/malware/4e977a30a9648c13e874c4fa95a596c6eae65eb83b76bdcad8014df2627ef29d
[-]
[-]
[+] ./data/malware/1464e665566b7cafbfdc7aaa0c67e5daa4c92002abc87941805c527aa15bcb35
[+] ./data/malware/5c9db4ece4efdab4ef8ee14727084031e71a257d8409bcd68a5231c83df78e86
[+] ./data/malware/6ae6183b55c18e6ace0216cd0903f3cef52ae00f2dbf0461fc4c66e6e7249854
[-]
[-]
[+] ./data/malware/6091bcf4dbff3294d19334246cd9c793cedab2ed0599ddc43707195a845fc236
[+] ./data/malware/96cc76f7ef8e8e533d17fe5c34fdd944e1e3e21723b54a1d8ee6df97a2a29346
[+] ./data/malware/3a1a39852786a3210972f4f3f3dfda8ec10e3bdf0a2e88dc412be4c06378b483
[+] ./data/malware/d2fbfffcf8f621629e718eb7f82a1aec73e174b4fbbbadc1424f3b93c9dbe581
[+] ./data/malware/c1aac973b9050c9bd23dade59cc3e8c58bebb9a6229f6c06b5b58f3f487c138a
[-]
[-]
[+] ./data/malware/1737a2011c904447473efaedbb95934860310a2e117570b7c43180643ef3690f
[+] ./data/malware/3c2584a26896f9e70ae767222fe0b2d23d9971cd7869d054ad3e4b705385674f
[+] ./data/malware/24d88bd850dc75992c0facd5091db956aa95c42c8296e7bf9ef0dbd115cdf410
[+] ./data/malware/519dfc9e14f6480a1a1ec3ba7745367d77e4dd798685eb8211e3dc23417ff43f
[+] ./data/malware/2444a501dccaf6f2dd85102fa014e41d9bde5f0d20267084c37ccdd99b21d9b3
[-]
[-]
[+] ./data/malware/adc82f423ab22f6fe031d3a80683db642b5a92cfb748c41ced4d0b2b1e4a04de
[+] ./data/malware/9e27dc85bb110d11d762b594f5d6843c06fbbd3762a3eb4b94b968c5e5a2a21d
[+] ./data/malware/deff872ed525bc283d11d386ded952dbbbdbb32c84d3d17631d27b5f7b04cf83
[-]
[+] ./data/malware/f493057440e28d88dac057c92b21b47a6e729fbaf19e8fe4374a23793a5df755
[+] ./data/malware/359ed51b783a857cf8a986b08703540bb5a4a47f1672bc7379c43c5ee569e8d6
[+] ./data/malware/59c2a6a2f007d06bb1ccde6cfb34444764899c2d2c86501058cad75c3f9724d2
[+] ./data/malware/480dd6a26428416c54673d10d25e3bbbfce07430713f4fa73168063b55babb93
[+] ./data/malware/9b68998fde3e1b362ddede54bd76a6288f8c4286b5ee8a2761a5e3acfd21a022
[+] ./data/malware/f18fb26d15a28b2314cad232830aa15bd06e97c781ba2ab37a4146fc7cb04e05
[+] ./data/malware/2d726abd9e0bc3716f86141015eab7379689115223662f943d7579f9c683d3cc
[+] ./data/malware/6dbcb3b1dc7a5dc10a2440241c192039bc0b5fc552ce4997bbb5f927dae816ab
[-]
[+] ./data/malware/bfe14df209ae1ce3e58bc6974573594e5ec092eefb2b9eb70c7e24280acd62ed
[-]
[-]
[+] ./data/malware/3e12b00604bbb40f673a38bc80ea882874c2fa3b2670b136e0b9b79dd915a1fa
[+] ./data/malware/69e084e17f3256766031cf1de87950f700339ec7e7de02fd8c80e8e13cf1ce06
[+] ./data/malware/6a059810c40bf6534540ceb5305fdc08213541da786085c1a637d5fbfa5ef9b2
[+] ./data/malware/8bb2546c2dda690d3540d78ce745a99b335882ef2dc48a7474580006d9cfaf79
[-]
[-]
[+] ./data/malware/fee18f402375b210fc7b89e29084fb8e478d5ee0f0cdb85d4618d14abb2e5197
[+] ./data/malware/baa0f9e799a3d46ccb04c9d4520a69e58383b2d88aad8746f9214eaa8d3a06f3
[+] ./data/malware/9402d333af81d07ddb8c9d90b722fa32a03f2a06e921139e56e4ab4d16e516e0
[+] ./data/malware/210fc1511f475c1d448ba4693d99487b70ca50b2448c482026aa1c7e87d9424a
[+] ./data/malware/12aa72f9c1d95b0796bf193c1dcc09a3694b6ba84252d748aff5e5d133832178
[-]
[-]
[+] ./data/malware/78ad88d90b7be0504aa97e796e712084cfa8e29316e73c801fbf99d3c4cb80ba
[-]
[+] ./data/malware/bb0471c1357a1552cdaa0c94bac293cad20e2838ba91036ae9fcdf815c2db5d3
[+] ./data/malware/afb936117a51446680827f2964dbdb34f2dffb782ab9929f7ec992725096f6e8
[+] ./data/malware/d7b0f9e0d738aa6926ec9af18686a6d512f8d1ab951c559a22481a2da905857a
[-]
[+] ./data/malware/95106629b0db072f44822dfa15d2f838a7142880f82eb6b6faedca4f12a56a66
[+] ./data/malware/a08e9e2b0032a4a13a01af974d8489137dc3a3058b758e8478a21f4f5c140c38
[+] ./data/malware/45e1fd52db8c8aacf9b19f971368ffba8ef3f29f83e5d0c2f3912a52d202b4e8
[-]
[-]
[+] ./data/malware/80747893a1c549f9efac06401a24938b12f71a60694d26c7953d06a2fb8a6c79
[+] ./data/malware/b95a5e2ae5653e4de504a1d230857b40b1c251c5b832057a3f3ac67ec4cdb408
[+] ./data/malware/9b53c66e950f469105cee4b5c653e3f50e1650e5ac9616a9df7a6a8ff87e3be8
[+] ./data/malware/b5f5fce7b9eb7c338b29ed4a152703a949c9f2092a1db3ae121c195687e31e1a
[+] ./data/malware/835a520db6ad05bd9e5f307c23c6db2929c45ca32bd09d6c5a14fa51a1b0866e
[+] ./data/malware/5319d4e1f53c44803c2952361d555510324a06072dc3c1c13c98594bc70013d7
[+] ./data/malware/3f871160d4ddc76584e793ec3f40f1deb83a2f7b5616e2306f720e5b4dbc1f91
[+] ./data/malware/14eb6038b34896245ff06998d98c4d7188292ec9899531222542b980aece72f8
[+] ./data/malware/b608dddd151c96f7c15fc780b4fc1109095dbc80e356598297d81207419d5b70
[+] ./data/malware/76437993f28048cb0461ee1d622e853460791ec0cdc97b156a4789143f4692bf
[+] ./data/malware/3ea7116346c1059548b52f43f3564672120c322f89d712902c664f6c0706d28c
[-]
[-]
[+] ./data/malware/bf2a030e812b0af137a649bf53e310c9752e0172ff6e873ec77a2e8b3db256c2
[+] ./data/malware/61a84fdc0e402a04b4fe3487c595e790ade0df010c0e928933797e47cee386c9
[-]
[-]
[+] ./data/malware/ae39e62466f163d1ddb80fcfef7e30fdb7412b56f54578c809acb3e52e42abfc
[+] ./data/malware/70baf02e96ef1a515db921c1a3c466696af75a6fe51d8f1bf78e9e9d2964bd5a
[+] ./data/malware/1578893a802d00f6f5cede6b4ae74a82e844761a5666e5b0efcbe648e6741fc5
[+] ./data/malware/821d5b54191fa82573243f746b1dd746fcf1c8271914d1f654bf742ed565ca0a
[+] ./data/malware/335eeb80174bf8d034cbf23c7d2a41ec1413017db0a9c23f5dd4fce0847f4009
[+] ./data/malware/c233ce7dbdea82ef96aea61eabf8834d356435f6fb83db235bb46cfffb99b793
[+] ./data/malware/60dc6bb966079d506892fd6320ef54d67b38a74a8bd9284520c4c78f028dfad6
[+] ./data/malware/945e189c3ddac1d8300925b3faf553e8c3185cee0518e670089ff4d114672bcc
[+] ./data/malware/178408a29a7d6affb78af839765008453a2a1125026a4c961fd765379e7c5eb8
[+] ./data/malware/58d409bea05dd325ce5a2db1b46db3c9b8ee1cd495928fd5477a0f7e054231a7
[+] ./data/malware/d21aae932a180cab1159fb9ecf0224bdbcbc90e54a6fb72edfb291f6b9b2cf17
[+] ./data/malware/37a1a31a031414bbcbd7b7a7c16026f7af003b2c4b1786aa1bc0b93e86aff8d5
[-]
[-]
[+] ./data/malware/25680ce9e31c5642bd173d611ac465ca7166f7504d67a58e20fb5e6fd20f875d
[+] ./data/malware/5edd9e5338291dda1b4bba7ba5c6e7c7698568ba411ef3c0972bf96a48308dd0
[+] ./data/malware/54c1e4ccf229be4378be24b10ecaaab4516072e020ecaef78742c5cba6d233c1
[+] ./data/malware/b4ed50833256dd30497430ab7ae859e3902e72a3dc202dff6168f941666af334
[+] ./data/malware/74e16a62ee0983797f4ee5d2b04164d1cc90448269807dc1105e11a591279108
[+] ./data/malware/a8d2184d31ac2f84559b98aacff6352447dfb4fbff77f1ee1b8c3e4eae7c2afc
[-]
[+] ./data/malware/679185dfe9116ec51311577155282272f97eff304d230e6d087b5fa4f83b1ddf
[+] ./data/malware/201f26b787fb7913b384fc266f649bc698e0465d7d27b5bf27c7c2aa7f538b62
[+] ./data/malware/52c3a44ae22f0dbb72cb2de5fa19a46c9eb4ee0d79887aa390438bf1f1d63871
[+] ./data/malware/16a8a52f7c6699dfce18c9913aa748da7a62900f4d5b049d1984cecda95b7a94
[+] ./data/malware/18a36234f2dd49da0a65f4faa43830f1a8522027483be661df22a1c23b8ce122
[-]
[+] ./data/malware/9b72465f522eadbbbef1ad0d4b44ea6d4f5d554a157a2b8dd779172b7454be18
[+] ./data/malware/3f09ec2b3e1a0c6ab91b596f0302e76fb741a80039db91693ac93a7b71113610
[+] ./data/malware/e9142a19eac88acda42d97fb32435de8bf0434e355f4cfb58b948f193db59775
[-]
[+] ./data/malware/19ab5b7bec07ec3bce7d87ce3fb851943774b93a300ab19d10f06739886fde48
[-]
[-]
[+] ./data/malware/a2c7be5350a73331778681b5491c2258ec3ea99897f725c23110adea6bdad832
[+] ./data/malware/7a420da87dbca02d188e2ffdc62b016dd1adb737be705f86ec35fce55f1b42f5
[+] ./data/malware/2a5a580d083aa88cfa19f735cdcd0e0c79291384088df317e2c0f621f3da22f2
[+] ./data/malware/1c3d5f48f9abdb8bc3ef5cb84c8652ca1516bdd7c78d3fc972adcedad55df69d
[+] ./data/malware/40209dd150e8c1ddeb618dd1b4520bc2eb76b1c7c77d59860aad859d29dcdfe1
[+] ./data/malware/a18937267aa0b97fa0fddcbb9b5ff1bb5995000103db3f4f3633acb6c44c674a
[-]
[-]
[+] ./data/malware/c15fe5257c5fa068d21d321cbf11eb5db3cefb3b75000f232455bdbe84f98c33
[-]
[-]
[+] ./data/malware/b0c507b096c8975f9bcd5270b9e142596ecd5deb940c51622d1f4987a5c92879
[+] ./data/malware/75384515682b641bed4b3cc09157f9c16d1a4742a0f08bab5c250d616582ef8a
[-]
[+] ./data/malware/968985829bec5c795c8e9729ef2d3e66a2c5d189f43a4c6c3a2b474c206c1c1e
[+] ./data/malware/1b0827e93dfec06d54b8504a3e5d9c73f227e24d7b5481e5435e09cacb391f6d
[+] ./data/malware/a543d660352d9e6c21a8b3c830ff682a3b42e43e2bc881e03787c64b83cf31aa
[+] ./data/malware/df481c0a996c8d66840a21bf3628768add8759571edd504cb3192b7b8ba3376e
[+] ./data/malware/fab80c8daa62c97bbb4cac1520a95c25b6cb755fbd181437feb2e51ead19b368
[-]
[+] ./data/malware/43bd6c7e304a5ad09b52f279ea84eeb7df2e55f3d92428767f110b7ae27a3bed
[+] ./data/malware/85c0b53691d27e2edc76975df9d03a9182c7212f56da8539e3066127cf57b6cf
[+] ./data/malware/1e70874eff6d7ca829968eca23f6c43478488d12442ba676227ad7a47cb9ba06
[+] ./data/malware/acd9dddb835b32baf47cce03ae93ea8635967e10305acf00e7eb0b12bbcce901
[+] ./data/malware/0004cec68fdb95507c6161d84e4965db60f997a679ce20786075992f1e5b340c
[+] ./data/malware/3aec694d72efb396b6c3c857153455a714afa89f4edb5536219e0dc8a74f531a
[-]
[-]
[+] ./data/malware/48889e272a054bcb255dd74fcec273a61da8d6789c842cf20c06fbec37ace1ee
[+] ./data/malware/62f51d2196485408045ac008b1c6020e10f57cbf61ded71c0b346af2e869ee23
[+] ./data/malware/8d621fadea6da7a8b77a64f287f37c9ce4cd8c685599b3ff66ebca898a90555f
[+] ./data/malware/f20b6dd67a16ed8ff9ca5db8bb4581d32b2f4c11951b20fb798de502db8390e5
[+] ./data/malware/a3d0f51fcf455dbdb766f9f8994140da762dd1d8c4d139c748fce970ddc4991f
[-]
[+] ./data/malware/8991d57126ce4fb3eb9c77651aa50e640f99e39e546671bae8a8d84d7c9b72b5
[+] ./data/malware/4f67d58a4cbb09be604cfdbf75637469d75db9bebdc47efbc0c77fc6eddaf95c
[+] ./data/malware/a514d3f6498c98d2a3c4f1bba802be59eabb5de066355bc6c477f5a6172255f9
[+] ./data/malware/dc52184c184823c942ad69902f8608b0d997590f515011ae67e7e18705076ecd
[-]
[+] ./data/malware/d86d9d0c314415ed5fba9ec59f0b42e1ab3c599f8b25d00a0d1e7e6416776d7a
[+] ./data/malware/9dc0a77f4a26df00b6f2578826852b98266dd7c6ceafaf498415337873bd9aee
[-]
[+] ./data/malware/b1aae702bb095a17fa479fdfb66fa1168619638fe4f070de441a3297976be2d4
[+] ./data/malware/c5caefd19fe5b361a65d124a9318ae8d357bc300e66e6d34d030eaeef2b1ce3f
[-]
[+] ./data/malware/642a03a55e04e2ec6da2f8a8df0a2f8b63c0f35f7ac021eb0a4fa1e92a6f601c
[+] ./data/malware/b4d2adf74b34ca61114473dc6a10338881d702797239a337886e205a246f0cac
[+] ./data/malware/8cb63c682f24b058f474a0d6237ab2ce5f303103e1356bc33958456e185ef61b
[+] ./data/malware/b74493860b294233f324e97349ee9b51838fab3171d4a1f33cd67a3dae47eb97
[-]
[-]
[+] ./data/malware/202096bde5a417f4c9546d8263cd836fffc61b806cde45e3830df7bc83c6b247
[+] ./data/malware/50aadca76302e13145462a6c70559b52b0054310653619ee5ef12a002c90e88c
[-]
[+] ./data/malware/c8651e5b373efecda48ad2ec2f92307e6894d673f0e7d83ae60647a07a185a7d
[+] ./data/malware/542afb77433a3fe19788642e90f3a675fe7040e7283aab5e93266df398c65eae
[+] ./data/malware/432c26e8f90d9e2135f47766a548bbcd4963a1aad8b52ade8894cc916de3af58
[-]
[-]
[+] ./data/malware/2d0aba272b39e942344931beb1469229285ea1e23bf8ee1038b8d32ba2e8db86
[-]
[-]
[+] ./data/malware/3ddd314f1a0f781596c0f4b2191c6beffc2c2df0dc02f7ab4842a3eebfd02059
[+] ./data/malware/8b806500dee38824b854e9d5d4ca7d5df244a8653dc45bfec538c5dc28a5a15f
[-]
[-]
[+] ./data/malware/82961145087458fe8e5de95016722e9bc676f7a5a6a0886262de67b5f6859b6c
[+] ./data/malware/d775ef79cd103752ae08187b28b73227546d0d7583b9ca4fd338931b334eff0b
[+] ./data/malware/3c2a40f64aae9c3185cd852d8113c1bde8142852f115304bcfbdb2b8d753ef3f
[+] ./data/malware/9a0d9c3e6340c7bb8c593b318b8bbbeb98e1cf71a57d7442930bdcdb0345d912
[+] ./data/malware/5f8c892d0cf1ec2d9781c13853b2fb1b0f5e087e4c77e8b9de361b6ebe2226c5
[+] ./data/malware/e84f033460a4b6cdc5a5340ef654cb7c42e01bd690b9033c515c4b2a5ffc65c9
[+] ./data/malware/153b5a09d89213a8164dc511bccf4530af70853b89efd9babe0499777d154852
[+] ./data/malware/3a48814c69b47661371a4ae184640c4dcc3db94cad3715b99db9325c85d5d5d7
[+] ./data/malware/2f6921f9135ee2ab2cbea588746648334d5596a6f40817a11b0268f9fe834afd
[-]
[+] ./data/malware/cda12d1a94fecc9aacc41b95f9df7c0b3ba452496052c6c62d3e0b98347f9ae9
[+] ./data/malware/400dd28d8c2fb176cf12e8093eb344a6997f15e7d333f2abbafe4b56cb47afbe
[+] ./data/malware/8ded3a26fc6a148a20965f13d6aaa936a04d0105472e8b10ed1461d3b0673e14
[-]
[-]
[+] ./data/malware/90546d4bda78b91c8296207505e5d5475c4d350646906b2d6f593391cb34e0e7
[+] ./data/malware/c641b11634f0f5319a153fea5ec9e4ae1c4c049c4898a55551f2df0ecae333b7
[-]
[-]
[+] ./data/malware/317849c236aa238bd3287ed58effeef15db1c7d63cf54bbbba1f88b3d97d6c7a
[+] ./data/malware/9739b574cf04d593fc3984a467a33512fa153c0c8330bb1fd929a8e951956775
[+] ./data/malware/79aa829a6dac8d25f453ccebb063f7f080c3abc922031f4c7a5dfb4dec8036d8
[+] ./data/malware/f65a6c764b773dbe55a8dc0b5a992b55e0b3621bf11081ffb273d71eece10641
[+] ./data/malware/64ed0e533d82e680dc32f4d593bbc63f97bcc171f8d4d43b43366e2cc6d6d826
[+] ./data/malware/69422bbcff151cbc45d6f45a203c12a0042eb281f72b4a059cd2ebdae291227b
[+] ./data/malware/61ba03cce4bb75cc502f8b0175ab3a12f7807a51f2321468ee32fbcf3317287f
[-]
[+] ./data/malware/1af8e45337900146089a025fb0f0c45a2738841dcbb547a85212d202e550672d
[+] ./data/malware/7bcf1cf72fc56121779116e4e11f9a7f4b96a5dd04b6427e0bb70374bf1a898f
[-]
[-]
[+] ./data/malware/898de47d1976e3cfa2743dc6446126110cfcb057109ea775db5e4da535cc5549
[+] ./data/malware/8416770393cfc2367ec5cf05871e059501d4e177bfd3a95796a880b3bb0b7f67
[+] ./data/malware/abfc0216cb1db3c9345ae4ce7f685a569e9be9b90fa391cc09ee0f7a40112fa4
[+] ./data/malware/2b20cab13ce9e060bf31aa1aa6dca2db2d3f1d3dfdcaf7bcdf91e12b3a6e05f5
[+] ./data/malware/3d8fd3071a78e85341b8ee9b0399fb665a391622b4fb6c27b3ffe111bab5fb4b
[-]
[-]
[+] ./data/malware/c6eb63781a87572ed1522bcb2cdd5a9e5e1916d2d840ded41cb6759ba3eebc01
[-]
[-]
[+] ./data/malware/3eab2d7a09996e92d91a04b51073dddc2abc99dbe2ddc713faefb3b913ba108b
[+] ./data/malware/5161cdafd0c6d79616d775f79214b2e7e3ad13de71db63e9fa6bfc448ba4084b
[+] ./data/malware/6a3cd9c3d2b5a1d61652085c1a3b172fba70413bd2297ff3f503ac05fd953f3c
[+] ./data/malware/5f119d621493d1731ca7df8ffc67c58f3a7dc3851e76f736649aeef524db0dc4
[+] ./data/malware/2b64f38771ffeea01cbfd5a57505e9bb58ed9328bfefabfa3891e17dd564ef0b
[-]
[-]
[+] ./data/malware/cb6512661e568c9b9326d915a74c809ccf71693f0afe196a9f3f068aeca646f1
[+] ./data/malware/21a99040697696e8095e3a442303c12c1e8ebfa481fd13c16086220d505c502e
[+] ./data/malware/49290e5cb88e66762409c2bb3ec2463f44d9cd8d56020edf53f55a9b715a8d64
[-]
[+] ./data/malware/7d1bfaff177d8793dbc6f76eca5487b338f69c9d3c84e8e1601cc77e59a3d07b
[+] ./data/malware/420aac924ab38220b5cab5fe6eb895a82efae97eab224b79881677c1bdf9dae0
[+] ./data/malware/52f6e2401e4b1c6f91734b3dc20e10de648688de4a9f05dadc9c8e8931a64cd7
[+] ./data/malware/41a01196b9d71cf32e34a643924261b9b0d5ed2fb4f4147cd83e31e4e23dae74
[+] ./data/malware/f18a6d3cf01c2f0d46fb23df3ed1e49c7e185b2796f8d54e184a6ea168da0bbd
[+] ./data/malware/73dbf71fbc42b1cb2354b12d3c4c10ca80929bc34100eac6c1db390b6df79a8c
[-]
[+] ./data/malware/411ce28a7260f2a9ad989f46dba2bd5c5cdc666c306af899f652a1de2b7c54f4
[-]
[+] ./data/malware/3528469d41b556fda2c6f22acd8d92744d868ce1c15fbce991e25b76e2bb780d
[+] ./data/malware/a0a55f7390c91afe5764662e5476b2917e5963bbf25364528aea66f2dfbf7594
[+] ./data/malware/54940ef6bc662a3cb3ad5c9155e28a8c459ac919497aa9dc123e5e1af7379b34
[+] ./data/malware/a038bd815a7c04ee3f6ab38cd2c97156b07da76fe1e3497370cb29bfea6f065a
[+] ./data/malware/66732ae7086ac646b223a5244af6a89f3ec25061d9f3d401a6111dbe5f4dd7b3
[+] ./data/malware/176806e07fdd05e2b990124d59be8ba640736550efe71f052c8fc52775b12af5
[-]
[+] ./data/malware/c0b29888d722dec82e3b9bc2424e5e7fb32c3ede9647be5a1e8c501e912dabd9
[+] ./data/malware/2e1738364af0008c3adf761818a88d004402d87f96639681b47fa66adba2f4ea
[+] ./data/malware/7a31bfc29c25edad1c5ed7546ce03b09e8c7cd55080d639678349d81499fc1e1
[-]
[-]
[+] ./data/malware/4744f60445f39850f834c20b68585d747d509e812d307974d9a75f8a1b644ef5
[+] ./data/malware/6a508ee7fa8102b82ab051446a98a069350e2f480f2e7fb8001386babb968fdd
[-]
[-]
[+] ./data/malware/3e1b7db89d3cc871443a8d09b54554fd19b2fcc67d8b32e767348284ec2df4e4
[+] ./data/malware/41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241
[+] ./data/malware/bd6cab093b5451b4cc85b4528dc0251c97a3d11cb3c1493d25f37b06f8cd2238
[+] ./data/malware/639528ba0d2f206cdcf4df6f4aa9c533c899726435c21c67a8398ae989361649
[+] ./data/malware/23a2dcffda0de0bc85eb46b8705b6533f9f0103e3d707ac729a2936235713339
[+] ./data/malware/bd3b15859fa38d34fdc27ae5f08cb8962accdf28dfa3172a9f42d04222c2689f
[+] ./data/malware/80915284b9414f25b362b51db88d38b8fb42724b433681061cb7b211244c748d
[+] ./data/malware/38307a004e8d5680b6ef191fcf2cce0d32a19d44fc4bfbc180b2869095783f80
[+] ./data/malware/6da809b7eba9044a0f1f764c5436e0de8a0c5a7fe810b8adad4dff4812d99fd9
[+] ./data/malware/2703a38a1b9a8718c9c53984f8ae34fee22d2b9354d369795ef205e90fa6f8d7
[-]
[-]
[+] ./data/malware/c65d2b1c916db909d4c2fb0f6893978e76b9c52d53e69f9e3a4a3c13ba1b87bd
[-]
[-]
[+] ./data/malware/2f02a820c591f5c915ae5ab612362848b2a0b48be22529641d732030c66aa73e
[+] ./data/malware/ac6fcad140c294b035b03cd4d15c14122b3a34f74800382f1dd8db1f545540cb
[+] ./data/malware/7cf8392bef146ce128f871541f92dbd23686c417ce5c061e4b7e5678f152a382
[+] ./data/malware/f1bcd14143b9c4f4b35e38a486e5bc281c5104da5ae8bcde963c293e2a32cbc2
[+] ./data/malware/71a42d2c0d2b9aac8a7a572ae3163e8d69b2df700e174190e2ded475c7b71ca6
[+] ./data/malware/fde7f22dcebcfbedafd5daecba1dc9952ff51c0ee433164b5509ec67aeb04d87
[+] ./data/malware/c01fe9f01b40633db53e458c170996a5bdd8cd2f6513c4a054e1514fde661829
[+] ./data/malware/e7725dfd8522b86f60d8eafe1b8a6f227b0a3f1e74e77d579573e113b0fd5813
[-]
[-]
[+] ./data/malware/259486b3ef32096ae8cdecdf20025ca282ff9722be54d71de79f5b36e69b1016
[-]
[-]
[+] ./data/malware/20255538932444661fb16979d0ac347fba388a07e1c096cc6b74710a7ad61ce1
[+] ./data/malware/f32b01499bfea3cbe329958c26e9c0ef5e9b846b5d902a37abe87e11b1dcdea6
[+] ./data/malware/62673b2b94c92523ae07c781f47903913ca28bffe827c49c4eddfddb07fea54f
[+] ./data/malware/adf7d4b104224a9e4eb6e96aadc69c9782661530b33e2d46c3cd9ec1b2076f27
[+] ./data/malware/51af36f519a74c3f2d5b673f1ca48ea3f92d6c60a8ea81c4daff5096b05edcbc
[-]
[-]
[+] ./data/malware/c2a029613bcdc032f9f653f765f10ece7930c8b9294386e3e1ce857494c09a8f
[+] ./data/malware/b4a8b4a9662e20f74c888ef27a0940b7fb6af2572d3d01d51bed97ac49680a87
[+] ./data/malware/f9b4f1787b1d8eb87fd1f0192ce96f70aa227addd6a30ec2a31160d1caba35bc
[+] ./data/malware/ded49ccd2b47b64b9f959746a2d23d4b0021b51ad9b6988b73d68c5dcc9ba168
[-]
[-]
[+] ./data/malware/3a384d62d08835e3e0746848d9ca89a4ca393fc115d0c11e4a5003c1c2585284
[+] ./data/malware/3debde619eea6ba2603167edaa7f6011128554679edda1f1bdd206922b46af2f
[+] ./data/malware/5db1ada64170e7a7932c29998c2e2aaeaf8bded504ac456d5b335037ef34d487
[+] ./data/malware/9a29f1de2628a368849c25cd605c4db409b2b8ddcb8287cf45e23926eea49e53
[+] ./data/malware/6207633b1841e8ead389e463a97b622e4fa399b1aa9284feeadfc3474c507231
[-]
[+] ./data/malware/1f0ddacd24cea4cbc15927edb18b4fb78e206ca896fc7855c53f6ec2cdadc099
[+] ./data/malware/44f9192b213f5588c725d2c3e30ba5ef6bd43b66c617f4ede48e2f0ac0327460
[+] ./data/malware/6bedfe4ecf7dd924c6374437f1d6e4199b121531cdf20df007c828999198b8bb
[+] ./data/malware/1ab3d22097fbfc9c63890d636c5f8fce86f90ccdd282be7c4cf302866e67b94c
[+] ./data/malware/9de51643e99b08e56e076401abe53a099e9590c7083d140464f6f6fc91b14d98
[+] ./data/malware/086c0d2d932584851fec3851282d7de822d07f129ca383924e157adf388bbf29
[+] ./data/malware/6a51f33c24a49eda081c319fe9ddc15b735531a1d847d9b0128e36a357898feb
[-]
[-]
[+] ./data/malware/dc2edc7f2df5614c6e75a9e1f27943075712e88def317bc276cdffb1708f5dc5
[+] ./data/malware/8c398acc63b54549f470f7f83f2593ad2b9a091e4deef29ebbb51efb095c04ba
[+] ./data/malware/3d4b357481c8e8308988955e31def8145ec0b1734b1352f09a469dd052fe9448
[-]
[-]
[+] ./data/malware/eacc44ed55385c3253f9844b61cb50305de4a850c72acd843f7b8929907a0053
[+] ./data/malware/020b9c2e74cc6d932a7f60acacaf269db8f0135538ee81f3bb51e005f1769c44
[-]
[+] ./data/malware/19740564489f1c9e874cb46fe092851e397ef33ca6afe554d7240b7443afc129
[+] ./data/malware/c1479eb8e0065857e0b9bde2c0c62b7bb3167b8455372af17e3274414a380d39
[-]
[-]
[+] ./data/malware/26f557b692a934da20fe12ece8ae586dee70e08b4055f8e8e7715404dfe094d2
[-]
[+] ./data/malware/491b05cb3f9adc92619272c191c9db67c6eddad4cdba8a179f5678749de800ac
[+] ./data/malware/6aa26aa6216320589a41ac14af447ab611d500783017afefbc0bb0206d860bad
[-]
[-]
[+] ./data/malware/edacc966aade9677f5f0e8acfbe1221c632a66ea0d7ed953844bad3b37b699f0
[+] ./data/malware/4c35825542adb5df5ce569fe4131a28052cd3faf32d4ea8f3d494f2e54f8a965
[-]
[+] ./data/malware/6c98b9d6d3b9680c0f0ad39b3fdfc59cbd45a668041bf2dfdc53ee0bf121fcd9
[-]
[-]
[+] ./data/malware/67afdd03734db788bb2e027f60b5e4f341a644db5fce057fe16fb6994ff0e460
[+] ./data/malware/8e8eeadfa03d31ebc8e00a181bd95404c223594ce15c0871b8861bdc89a81cbf
[-]
[+] ./data/malware/3fca9fe19d2fe89cb9391ffe22b869cb8cf652734b4a988ee2a51557616abc25
[-]
[+] ./data/malware/1726f58f49655d41116942b87f5bfa55c53c2280f15350731bb54fe52ff9b765
[+] ./data/malware/8f904518fd655a1ee57248ebede2ea0a45bc9daf63181692589216ff873d504d
[+] ./data/malware/c7a4aa6db8e6c69e619ddb517a4fb963d45fd9df325fff1361ec6c0a5b13580e
[+] ./data/malware/e9a0170496e18c976183a500e736ab58eeac2d19663f94f9bf9703fbf9cabc7a
[+] ./data/malware/7c9b51c03611d6ee1fdb2b9b27bc57acd6a7690c0f4bb354d918522f2a2a10a6
[+] ./data/malware/32a973ce00bf7502162ec5039a78fe6fc644ae0e999b889ba805476b54c801f9
[-]
[+] ./data/malware/69e6ac5e7a648b547e0513821aefdff286918fec9a17bdc604c798dd38dc1863
[-]
[-]
[+] ./data/malware/ac4f4a07170dfabf06e0c23733ea3068f992e4093f81afdfbc147b2f5ae919a2
[+] ./data/malware/0f031acfd428352cda06be247793114d4a5e192a863a83ded0b5f086b0773cb2
[+] ./data/malware/4621b7ffe87b96683b8c55de1464089f6b8fd8564f9b3164fa4113039428cb7d
[+] ./data/malware/5bbc6c1cbc6b22f38d4691e4dee1a171258b74c5cb6bd4196eee46a43f35d926
[-]
[-]
[+] ./data/malware/24f3521bafd4747a082fa64043c4c362a16c1612a4b076d1fa146c2ef71939e5
[+] ./data/malware/9b0ad8cb11583974eac461d138ce1c344b4d0238e70713ee79768186ff00903d
[+] ./data/malware/ca61e148f167f4bbc2bd9ec709c2acebd2af0e0f939b05ce0e61f88106af991a
[+] ./data/malware/dca2f38a365a3878bada4c0f09bdd5a43f3ba661acd58100eafa40db94b48f0a
[-]
[+] ./data/malware/e26cb57638e309602caacab844f911bddf8246a404126edaba9aeeb1cb95284a
[+] ./data/malware/4916a86b6c2b4b141a1b50635ac115c776274bc7b177e6a2d6585775b15514a5
[+] ./data/malware/f492a8b86bbd70975cd524c4ac45df283ea42c280a9423911405824d27a07942
[+] ./data/malware/4f2c4a3aa41d32a1a8a4618cfaeece2dafcbf770af85ef48effa59d330960d32
[+] ./data/malware/3d6ff7fa98a376f7674b9975daca012278683f6cecf22126ca9d7b75e862e4ba
[-]
[-]
[+] ./data/malware/8fff4ea5fc319a00a920005ede04c4eec837259208d1927a6c18cce6d9b38175
[+] ./data/malware/561c898e605592b99a76c372be03280972b9ec28aa08af8eef1231968725a456
[+] ./data/malware/ab050900a8e10fb104a514c6047762d0c37da2a5e95779fb385a9cc8c289d6ee
[+] ./data/malware/36255fcc28988554e9a5b89d5af374876c0f925e47a7cb5db1d0bb49d68039f6
[+] ./data/malware/96e5a790c6a549a44ca45fc96f4bbd6d927ff67d782df1232ddac6d9b32274d2
[-]
[-]
[+] ./data/malware/0024eec62931670946abd4240d38127e23b4c0c9321de43bc9af96804d30dd50
[+] ./data/malware/4af8f703ab6535ed70c03c6e98e1ad040589ceb79726a531d49a7acbac7ad624
[+] ./data/malware/33ea253da16d4bc1a0a5598a994d20ce600bcfb10c3e255b79d5c9baf79a1a75
[-]
[-]
[+] ./data/malware/19b4ef0e6d9ecdd2c1d3f4bc978f2156470a4f0fee10ef41269266d024376421
[+] ./data/malware/514152828f6ecd9f0a5ee1698e79883ca97e39bb4dffeab7cfdd29b6495a2a0f
[-]
[+] ./data/malware/9127e176fa15d685992b36d6781d79dee5c5994431a021d13f78f3328168cd04
[+] ./data/malware/43eeea045ab4362873f0b110ba737c29e71bea6c209c1ad047cb15ae16f00ce8
[+] ./data/malware/b0de112a27c4b64f71137c19428243627f7187f62d092c04b3352aafe26f218d
[-]
[-]
[+] ./data/malware/56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b
[+] ./data/malware/41754660e199e9027afaf46edf0de3f8be91a19536a27ad4cd08c41f5f213793
[+] ./data/malware/44d6683f47a13d203309ade994b70663c76dabb2226af5f1f1df8cbca6e8e09c
[+] ./data/malware/72542d9a736877019ba23be25276e47375cb4d442796c44f6ade1b6104e8fc53
[+] ./data/malware/579989ee80b64d29aedf108a93ad5efe1f1ece2d331a737278d8a51d43673a32
[+] ./data/malware/a652ccbc910dfb92e89705532c627b82f5590a71462627715b2562072c25dcbb
[+] ./data/malware/36d0d1d1ed96e71b90e2e15da0189b2bbf6f69c21a0e63ee1be706b262c25482
[+] ./data/malware/09c5667f35d0bb61d4bacc3db30e7c91f436ca87d4afca095d5ae64b74a79a34
[+] ./data/malware/557d9a047e5edf21f90cd56f7bebef8ba4f0a279e1e2dd8e6ebb95991cfb7e4b
[+] ./data/malware/02ef8fcd3671438012dd0056b7946edc02ad383bc2b591b9e2b06d1d5c2e334c
[+] ./data/malware/72d410fda343e2f90e1bbf7b7d283f82bfa04b2b2a063546e9e01e72a9d4d62f
[+] ./data/malware/00aac566d9664b844e5d7ae641c58131ce59deced312236f4299638356484fa0
[+] ./data/malware/4f0498aa57fdebcca74c719cda157184c1d31bcb2692cfbb5c9b63343901eb92
[-]
[-]
[+] ./data/malware/dcc2fa1185fdaa6a42f5e2a7e72828e2d04de8e2c2263186559c09446e44c99a
[+] ./data/malware/cf791914b2e3190945882c4c24ce8f44a653643c16a9399166c5b865f9664061
[+] ./data/malware/db7b8bdbf3b2fd7953f4d4018ddb88fff79e8d337122ad3a571e47fb8ea5a537
[+] ./data/malware/6a645668f630f05072da573a2ee6de2c8b56068e24ee117e6c6078d4bf2c76f3
[+] ./data/malware/1b5621c68261f4f97e9852f8f2799e00c9694865f488c40223abf9ebdfed37ed
[-]
[+] ./data/malware/27c6a044aad80ce77bee9c25489f1c2a867f0c7525bcbe7c2dca6f9ef7a271d9
[-]
[-]
[+] ./data/malware/21e4eb7c65655256ddeeac4de8f3e1f6178f4cfc5a7387ceb9cd9948ade15f38
[-]
[+] ./data/malware/994ae2c68ba7f1ad9c9fbdb6b8c70156af9455baf82a5f6bd474b280a2180c2c
[+] ./data/malware/df7c6753f1fe2bb2fd168a715a1ba859e34efdd42b25783803869e1f832bf18b
[+] ./data/malware/93adec15e6e1bffa3fbcac246ffd42eaf34c0d815677e6de2444bd876a2b4680
[-]
[+] ./data/malware/76ea5fed87f149064150f91dd51d7bba3cf7907715f24bbc3b15458d6acd3a0f
[-]
[+] ./data/malware/1f02b810f254fda92c1f45203b5f204d6dc7b27e92d832ccb633de5d790492fc
[+] ./data/malware/29d108e43304fd59b71d7af372bcff505323e94e5cd115fa614c7c6b80bde216
[-]
[-]
[+] ./data/malware/a98b27f54fdc7b542d0c2ff11dc9a0b78c425071620dfdf071ec59b431ecb8a6
[+] ./data/malware/e9d1c4f94282311d558015795d18dde7e856ca07005ea1656ce84bd2132f8f9e
[-]
[-]
[+] ./data/malware/47e60a03fff1c174edbebb6a60e48ee5a8b048f2c6c34e8ecac0ceed8ebdf8a4
[+] ./data/malware/8336d53004c6e7021f9be107134239099e0eafd977692c39ed00a79649ae9523
[+] ./data/malware/af8a50427ba526a7fd34ba42f6c457dcd6d54f744987eeb120c3dc074a8cd7b5
[+] ./data/malware/07ecdbefdb715680519c6889f3b552bbd8f200c399b0387966974f49fb5d27cd
[+] ./data/malware/6dc8848c6775b59b0e17fccc7e89ddb71473fa1472d3fa4044e02a228bfd0968
[+] ./data/malware/6744cee15755896a14f23ecad9f789932097f61f3af9e863cd9563818bd52f3c
[+] ./data/malware/2772bbf4f0a755f954414106f67d73e0db0ba87a721dcfd0b9451173a19ddf1e
[+] ./data/malware/d447bc82825588ac76d7a582900d943886b9f8e39a7bf115ab2673868ae91f88
[+] ./data/malware/bbdf1900774f4d6c1ee4fbe0afec71f571e1ed8084f863916df1ba286b083824
[+] ./data/malware/5dcd219206f72c433064a90d5fd5233740671ced87885ff3881e1694c8f3a3c4
[+] ./data/malware/d73443f9b511a7d82e94e73fb91690778366f07be89f920184bc8fc50acb493b
[+] ./data/malware/133cb2f76051ce78533347aebf651fbaa80e4e9155930b6ec7900ae7816d0f58
[+] ./data/malware/a6734d12c46d70539f43aef735c0de7e9f80e7e39f925b8c3c1a0a000f43f7b5
[-]
[-]
[+] ./data/malware/ca0068ee2b92ebdd3fddf1914cf314da9564238dcf2144277701a7b41d45c307
[+] ./data/malware/f3a1b6ccf1574590fae51100bcfa8a11938f77abe40820cfc483cc8999c0e850
[+] ./data/malware/d4922069f9bf68d2b950d0a7587b7334ffcb9d83cbc7e3fecac972e3ff8bdf1e
[+] ./data/malware/84797885eba607c4d597cbcd7dd3b9af4b9ac436be2a069b1df2e3662dcdea78
[-]
[-]
[+] ./data/malware/6df712028446af021b9ca5090778b3cc0af63616691cdcd50ba94d97df021b60
[-]
[-]
[+] ./data/malware/3fdc969d7c30c622caedab1d646735d5274e8aa8ba7355c39d04a24f7a2e7bc8
[+] ./data/malware/03bf155ded9ccebc74790dd1bbf2d9000cacab079a3ba1b5df4947123f70c9b8
[+] ./data/malware/22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc
[+] ./data/malware/4fa6203e5ab578e4f9886fb6d1b0b91753a0ddf4baf5036b744da06a587a9b40
[-]
[-]
[+] ./data/malware/0afe81f4608744675c5fda4b36b249a7da16d52de14af542ecd62de48ccf654c
[+] ./data/malware/df793f700ac4a70a63681b95cf6e01db32b42d54d5b487e4d9b7fa24c84d2313
[+] ./data/malware/3716ffe86a444de25dc44d6d002388fdc65a4d8bdcff5564b828f5e8517e3b32
[+] ./data/malware/afb33f868c27a7722629436707bd7ae6fe9e11fd9c9200ba073772e638ba0266
[+] ./data/malware/1b0cfdff377f1ddae9a3f21461df10d138bf248cfc9703bf2929bb3b8640c345
[+] ./data/malware/28b514b2f7c5321645932d2a044fb25cca346b6a2eb2b67d8a20179b0eb04788
[+] ./data/malware/0776cf5a136b7f287806801be96d1419dd7a3fd8283d004cfad828008b11b052
[+] ./data/malware/1b50d0858bb5662ccd46881a856bf7cb9be2fca6eacf4ae675e741a5c4966be9
[+] ./data/malware/a1b23923eab57d5007399c955164ef55b5e6274f3a9f9b2584b8d2844d99cc9e
[+] ./data/malware/2deb9d002aeb1f3f12a3104f1aa71d038b3a0ca354d45ac13e35d4836cb3add9
[-]
[+] ./data/malware/c535795438e9e6f1b5796c945b169ed1b442e481385e4a29ba745d1b6f06cbb6
[+] ./data/malware/6be1e343201b56ea7491d6f5be72ac9d4bf41a16920804d7e0f04cefd562d028
[+] ./data/malware/410eb3166bb6e806652cd945b62db9024090958f82e18b714646999b0559ed8b
[-]
[-]
[+] ./data/malware/23c28ba9209fbf0ef195a29be1ff95e24eda60aac980e2cb042d036f59c844c9
[+] ./data/malware/755a80e0353fce89db01f79067d3fe185c2ef1757494c6f98e15618e95916e7b
[+] ./data/malware/3be7b1d360376dc9228cae463338d3ac305996d057125e379ea1ca42cbff8d76
[+] ./data/malware/d784768937ea27ed673969a464b96798df3df80f9c79f5cbef4a8c62832e3f0b
[+] ./data/malware/6ad07f6615e9de8713b14fb4e12c95960fa24731a94a6e1e540e4f354e842b25
[-] File not PE: ./data/malware/2ba910eb4196a66cb6681ecaea3b5df7cb8b6cbe2c7bdfaccdca614e74dc894c
=> Zip archive data
Removing file.
[+] ./data/malware/00e77c92f5584c245cb6422a37028c47f232fa3fadb59b493bc7f4bd28df70cd
[+] ./data/malware/7c86e0403bfd8bb5b397786a3443f5f483beca2167b339cad01baa6ec8e4e91b
[+] ./data/malware/9edba1829cde6a6ccd3ba286126a8115d2e0d416cba5bd86c3bbf431f580e2cc
[+] ./data/malware/5295f2deee57b943be839c444d77b28e4dcab0627cf744bce2ef7d2515d3c7ae
[+] ./data/malware/808e02f8878ac4091078fd6fc59dca4cb12cec2f626fe3ab335ac880db213494
[+] ./data/malware/317d12da8444f3bd33fdad54b20cf25b2ccc7826e8f6ee03d28f4831beac3045
[-]
[+] ./data/malware/f9e4b51cf668410226769506c9aef59d613d32de3aed980d501a39b39770ce70
[-]
[-]
[+] ./data/malware/4381e84007f5ae7d8b8faa3df667cc2d726fec8446b03f04beaff55a78cecbb3
[+] ./data/malware/d3c41c9e301e8474c6eb8c1ce5d89f1ade602367e6fe08d879d4ff6363dc07ed
[-]
[-]
[+] ./data/malware/c936bcda2930341557ffff92fd68f0250903f2394d8ea7a0cdc265494d40a046
[-]
[+] ./data/malware/03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78
[+] ./data/malware/513b431da8a384449085183f8d90e36262fd77ffe01209c5a29f2fcc60507029
[+] ./data/malware/6cb6c44e78447e34cd2815aa187381922067de877f0b267534603e7a1d8c84ea
[+] ./data/malware/2dde31dbb7090df38972b3d577d71c16b799e5d1f58d6bdc0fad0b588f4dd886
[+] ./data/malware/23cafd6f0772e7ed7a71251a1aded64f474261809e423d50e543e35271b9b0e9
[+] ./data/malware/a54aa248a163a22590ea330022d373fde4919b7af92aa71f63293ff1028ebf49
[+] ./data/malware/bad817ee87e1ed7ac1318a47f723a7f502938aba6f111f1cb0223a0952dd4474
[+] ./data/malware/69bfb20f7c1756426db121ae0f57f6e421f434b79eb13e4b81fbaeaa7a713053
[+] ./data/malware/09f1cc20675bc53e8504ed6df682fc513e535a5bc34dce58996ee799a7e9964b
[-]
[+] ./data/malware/9e1df835855965e562bdad9c3f75de9713de2d219c880fc9c457806293daef1e
[+] ./data/malware/eb2a55ec12c2fa476df5e88d2b38f8d0a158d2a4c973b8b33fdc1a52a376761d
[+] ./data/malware/02968edeae1088f046b4afe4dc20c4668b40ac8849a88f763807a8d5637f424f
[+] ./data/malware/56c4084f1c6cc2d8e4e9a65940ce6e5c8b9d0ab403e4941c12bda6d6f94cb472
[+] ./data/malware/cc78002044bab5b262705620b3af18d767ae46283ab6aa70562a580bc2867dc3
[+] ./data/malware/8dd98370dea2233f53a97942b187460f23ba0520fea092c00e9fe8bfe63e7356
[-]
[-]
[+] ./data/malware/440f62b8089c9a3c187ab98b3ea0e5088215e151fe1af2969154439e8eb49454
[+] ./data/malware/d9c44546221acb7ad6df7b7a5e361db4440ecaeb9758f912edb75f88cd05ffed
[+] ./data/malware/13ab431291a9b486bcb7e07a5c6f4ef46d7aa932a1dadd4d52f2b52dda6db413
[-]
[+] ./data/malware/5911a5e7e9526333140815ed2d8b0ca8c3afb90e0750f31ee70099549b8a1f7f
[+] ./data/malware/553abcc0d38d5476bcf867fb031913c4a89192fee1e239e416fdf7ae6d46c545
[+] ./data/malware/1c4b22b2601bb190b754c12e45dbe9413dfc98ecfe632b0e187da35954236d92
[+] ./data/malware/de87683be8164d8c6e676f0fbc26ae75a059f7676fb5e3f1b8e1b8217737c4c0
[+] ./data/malware/3dbcab057f5790dc41c2000a53545eb369742a8e85c65ac52d3b473e6915371f
[-]
[+] ./data/malware/9b2ef34f6784d0d375f45e7ab97341f861e7943f7dc7320db4ded27f237969be
[+] ./data/malware/9c0f7d20a3b7b9a3266f3a9f1ea8857d416a0af23e81029a7db549e8df3217c4
[+] ./data/malware/96676dbb157049f54c35275c960dfb087d1ff119e7709bc5b11074b45e997e07
[-]
[-]
[+] ./data/malware/6edfe6ef35a7f7908e6a887b054b5aa697f00d1537a332675e6218ffd7a02071
[+] ./data/malware/09782a24b5a800b4498501f2d33c60fc6b8f2b4a919c279f44658c345fa31314
[+] ./data/malware/ca230efa76a5f9899150133426f5065f46fc11ac58ead007e9758b870cd80e78
[+] ./data/malware/e73bd8b8396d12820a8934a089372cd2761346c68e786dd1dd9072d690851b3e
[+] ./data/malware/39c19e7de1c6430e66e1f3f8f3f62c971d4c49a62b5928b20fcaccffe55e7663
[+] ./data/malware/75561c8830f865f2816ee896c15c20a0188be2bbbd6cb89db12637435c489fc3
[+] ./data/malware/3dce8322f749a2aed8a9da7c0d2670a82bce10f9038f286e5fa94577f0fc57ef
[+] ./data/malware/10c3579049c2396b2cb5cbbcd8d7a6fcf479bf9c0e16f2909bb14b6b4d735768
[-]
[+] ./data/malware/0730c7e1bc0ba0fac6e3d8bf8baac1953c5fc5c3b3d77c3bf244cfe8b75cc0f1
[+] ./data/malware/cef4b489b037f6adec49906b58b67ac504a82b65c3187b46d906f9356c284394
[+] ./data/malware/59399e56b27987c50e4320ef3b805efb8b2d76463f3084becca90830f3c59b51
[+] ./data/malware/1cbf329b143a0932064dc1ade7da9657fa218779dc99b140be6a986e17a09e11
[+] ./data/malware/2bb6ba2a3011b5820bc30a7986fbb3356cfdd92f6287264d51139a12c59f68c3
[+] ./data/malware/7fdcdc9bbf1dbd3343c9f0e2706b84c580189e0f42005b0cc53ebee3cd885c87
[+] ./data/malware/4d5be389a9743f18c109994086148154257ff7827b16ddd87752853887eb73f7
[+] ./data/malware/5a434c49cb043580e18b6ca33a01e61e9e65c1fdc26aa89ccc0c8923400a23b6
[+] ./data/malware/960eef6b284f5f03c8e358419ab7e9694ae0aefd5a923d9a6202a0764361c84c
[+] ./data/malware/2c35d36fbef41f51fce55dbe751bd3a2307e70c0ae055f58eb20271cdb5036fa
[-]
[+] ./data/malware/c06fc98500bfc6a56de88812254930a7e1466f00179750d19f66398ea0ba64d5
[+] ./data/malware/b8c1bb5014dde0701b424b0e16770f1f14a0806f353ac5aece75b49ca51eafd0
[+] ./data/malware/9701f4f2068929dea4185c6c9c9be9f509eac6f53ee15e584f47974a0b96fe14
[+] ./data/malware/3c5a6986d9cd1f4bc13a50d2bacaeeb71f2d827bd08b7f0b9ac870ec468719de
[-]
[-]
[+] ./data/malware/adc09c295222b90c4eb25a3badfa88976b5d9313a35e4023e8ea146ab4369f1c
[+] ./data/malware/bb77ff371efba8dbbd55072487171eafa446be95f970683c67de7d19b07c3c0b
[+] ./data/malware/a8669e9cfbb19572be0eba1a6f59d24a3155b01f6546ddded4c69898d6ae600c
[+] ./data/malware/af0af11fbb7a9b77927a2da1da65f1016b455e517fcbd223d42bea56bc6da442
[-]
[+] ./data/malware/08f7c373abfa4dc80b015c518834a2f441544a75ae5091f7585bedd31c0e31e2
[+] ./data/malware/58a3305e60e836d22e5b0bb68850b92d6077e74c30b0152625052b0680b95c88
[+] ./data/malware/ab59fbbf1752f23332541f4470160f63fac267fafd501f1fd9a249f86467eccd
[+] ./data/malware/d701d7d7db2536cc21ca3710872e9d86cba52d409eb4f88ae22b6c75ea924ecd
[+] ./data/malware/2691c4a41aad316f6fbfa2224f639edd890e38ebd0593fc1b8a9c2f7bfc4782d
[+] ./data/malware/20866850568dd3d2d4ff5d856cd258628cd037f8abb2cffc4d8ab77aa8afde1a
[+] ./data/malware/72a2ae423d8c804cbaba16510b11fc00268ae98ff9b89f2839d9fd0043b3028d
[+] ./data/malware/4a923f5859ac948959e116870857e2cd7972167acdedef65fc7ecd373d4892a4
[+] ./data/malware/a81f2938aee35ef632759531af1cbc2f9e744e3155e0fbf9537509ad17fca273
[+] ./data/malware/8ed1dde2831d3cc57194785d805cbfc7c20dcf3feaf5f171be7b507daa8433f5
[+] ./data/malware/5556dedde7d7dc3b27850c53031c2b9f918d6ff410840665f54db122042475a7
[+] ./data/malware/20a8f15ef6186413536aad11334983eb0b5036f6f89ece87b2a5d5896b229959
[+] ./data/malware/0d4e4ccf74a156bf4102a9b683b430b010a746a7cb1399fec8f69da59ad11b0a
[+] ./data/malware/fd353ce31912ea745bf0b47144171a5700b128664711adfdd007577cf087e546
[+] ./data/malware/48cfe53b964beb5ba3f94fa557b3646fb002ff9c22a6b8456d31f143ec6bf376
[+] ./data/malware/a163a205c9d2f6ab9b1231d509e88c852ad53fdd78ef0cd80664bf2b43dd4772
[+] ./data/malware/b7d657a61556fdf6f964a600d7cd918cfb24ec33f3a67ae5a6587fc10dcb26d9
[+] ./data/malware/4919847f6e5f4ba757ab6b55f3599e8369f785b0c63b091b6e3051e0316acbfd
[+] ./data/malware/576839e1a2f2eafe7032d9d5363a2040de9c3daa4ed3f777568bc4986e76fe52
[-]
[+] ./data/malware/1d94a265bb89f2f1155e2066c4585455f31dd0607772e930f04e9204e6889db6
[+] ./data/malware/20d6d009cee8bb1f4c8fe280a03d181a21d40b80cf0f08c4309240035c955e39
[+] ./data/malware/4d7d445f825db745c750e397dfbd3ff556697f1491a8c8102b0941f901857e07
[-]
[+] ./data/malware/1a13ebe7147dd568d37ad11663af8ea86c8e706c7e1119eaf7f5bcf7915d8ba1
[+] ./data/malware/90428d61c592805fecd4dc0188e144591120c84e3fb89bd012116034a77d5340
[+] ./data/malware/7f403c32de153a769d54a7144dc94c03e6b32aa8549d34e727649cbf0646db08
[+] ./data/malware/c0be7a344a863894890127e61851838037bd9d076423bfc8296cfd6e01d66f6b
[+] ./data/malware/5c56da74208db017c583e9b002b348a2e56dad3316eb08860b126a10e5967dff
[+] ./data/malware/20bef119489f0e10041056dd738f8ff65db07f5b55fa0ecf9bc917bc7705e7c7
[+] ./data/malware/b64ca63aa4083316896ba5ee578788843859fc81953d629c81a8a5f39b0cf9d9
[+] ./data/malware/5481e9586cd65b71cace4a3d25af4eb5e77f431066ff72e01b772a67635032c4
[+] ./data/malware/3f3132b1fd2148c34b83c49946fe472b7d81696665fd9c8008150a3053857261
[+] ./data/malware/61d5ae02ad56f91cecbbb2850b3e32bb8f05195633f1ae78376dd76a832998e1
[-]
[-]
[+] ./data/malware/590766c37733bb55dba7ca9eb2c8d186bd18b2c8e6cff1bd49cdc6652f884162
[-]
[+] ./data/malware/1410447de4851cfca8e9d1aafbe0fd2cc3d06d2201929b683417e7cc2269b084
[-]
[-]
[+] ./data/malware/6d7ea30f0b4a32dd8a6d26d3ff062317253bf0966c02be782b5b73e7b1149e5b
[+] ./data/malware/4b18da73cd54b742d727f1b3b70fc64942de916ce0ea7d4139d22f4625de4645
[+] ./data/malware/d942c0a0b558d228e64ec19da22d0acf4cc2a0cf0d8771ef5752d311df6474b5
[+] ./data/malware/2e9532ca86fbaa19de9b8e529ed10adf791064fcc56f9b1d86e907c4bd9b1a77
[+] ./data/malware/1a05660630ee0995f558cd0419117e4bc736cf954f5b703ebb3e986f9cf762fb
[+] ./data/malware/a8ce807548d49e2cfe83c04fe00521289426bac3579a8400fbde6fa6a3da6f22
[+] ./data/malware/c9a75996d09b9f1365e665bc42640f03f2c506964a4abcbeac95a07a97d666a7
[-]
[-]
[+] ./data/malware/f106307a90b03b3b91721c9bf8f763ee3022c3a318d0df611c49450433f7fb1f
[+] ./data/malware/5e0c529a5ded9802307428d4c18b84ad36f674e36e050dd515d554af981010e7
[-]
[-]
[+] ./data/malware/9604293e5c87e7f97b778699e129f19e6f19c9b8a4f307329c6ce1fa31436e65
[-]
[-]
[+] ./data/malware/7c48c1c26bdab0759787e130d6e0caefc70c7ea14be9856f385af422cd9d9f3f
[+] ./data/malware/cf3617f3a3ce58489034e48f9cd52d8e869089ef7d27cb171c7a84587ef24894
[+] ./data/malware/133b13790a6150d75cb797b9d02f7986803c2fcd2c66135066a9d98a3b59f0b3
[+] ./data/malware/cc6ebc65ece218c4d9ffbc72df1f96311f9e24b3af307491f33f3c72252b4730
[-]
[-]
[+] ./data/malware/90457f123fcca3b43ec0ab962e2c186074d37776304d3996c3be1af6912a701c
[+] ./data/malware/d14f36b198b9d1fea5b09a0794d56d2959c6dfe2fc6b0830075f044fbb4f72aa
[-]
[-]
[+] ./data/malware/28e489769672c34430d942d0829517470b396fa16661e1c1029db6b677a96fad
[-]
[-]
[+] ./data/malware/6d5aa16e97689af6d6464aee85edd7160a929a2f0c351b43104eacd0adf1c042
[+] ./data/malware/2fb0af0e0f164251f3c4a3cf24537ea4060dd897a497de68717edf018beaff47
[-]
[-]
[+] ./data/malware/69c21aa33067e98e331dfef3e7b36d338abb09e3395c177850a68ee4401b939d
[+] ./data/malware/0cb93487639cd60e5f88642514c91dae11f3fd2635e4fdd2c01ab17cd1785c2c
[+] ./data/malware/df5baaf7361227dce7d44aa9cb7ccf72a12ea057b404a79550919ec352ab84d3
[-]
[-]
[+] ./data/malware/fef17c9f848a3d291aa2070105bbbc143bb48ffd4c1fdfac24b1eea39782c0de
[+] ./data/malware/ae87afb90767f3a8fc43c0e2bb569be0056222a1f9632c350154bce16e44c11c
[+] ./data/malware/8d45c03081c64663abe1f83220e5efeca5661fe6f9ab564a74f3ec7e01aead7f
[+] ./data/malware/f21e9ca8169b6ce332afccbbd8bee5cec9b0081f65f6788406c6f45c03e6a968
[+] ./data/malware/a2de7686de9ffffdde12a4f13b467bd1899a4860353db0b36ddb6ef1c029ff7c
[+] ./data/malware/bf00fe376b2daed5c7b648bde4bf013c1a6840be2b054ff4a7d3248543690a07
[-]
[+] ./data/malware/1d26329a19713971dd82b2a3e5e3deb38df996095365e09d68ec71596ec4a1dc
[+] ./data/malware/3be8a8db322b71e851ae241b124c4dfbdd76324b90b5c095a80bd310c65cc1a7
[+] ./data/malware/550e925fc282785456ddedf5d71030191f05d2351c6bc156df9df4753878e90d
[-]
[+] ./data/malware/f2e68e0d707fd7c7430c3fd4175ea2bc5a6a7b178885b57800459ff8af0abe5c
[+] ./data/malware/a9ad1e7b242cf084c621f046e9d2ecb0251afeceb39adbfb6dfd96057d0368bd
[+] ./data/malware/95a2bb0edbb1bf20d3a561f2df135e568353eae813ce6c1eed909d04900d416f
[+] ./data/malware/cf2782ea0689ee6ad255a660f7f4ea13f487d6488c6b54c175d7cdb716826a2f
[+] ./data/malware/222a7bc35cc02800086c6cd9ed36fff7e90672ea2c0d1593b5e4728b2424e9a7
[+] ./data/malware/8ca39c796aef656f65fa0b87ce6fc3cd3ace91585b3459f0d2443b3ae6ea16fa
[+] ./data/malware/528054a1dc69ce3038086b05c61ea7e4117057f5f21121ae1358ef0c1ce7b45e
[+] ./data/malware/68a48964f3f010ebee03d061919bb25ac8b39cdabaa0e8f854306e7a607a60f4
[+] ./data/malware/dc1f3d6668938040fceb3b959440f50668c7afb4770df534131133a9c2d8252c
[+] ./data/malware/24de8cd24631271add833dc11b601d46f2de5f4e5d7380fcaaff0aa28d544756
[+] ./data/malware/358b06f3e46f54c4c87d6fa5fad3876a6e42c3f2b875fa5cc58f0fa1af8ff84a
[+] ./data/malware/9065cac7e0a4b70534c12165e2f2d5c6df3e60625addd6a372b539f3efaa49cf
[+] ./data/malware/e32669c449629bc13ddbfc0b64cd6eec781253217c5db0feea7ccede5ab28dfc
[+] ./data/malware/bb64b57454f11dc0ea90eb5734b74ec5701a2d079080d4251a041050a5b47167
[-]
[-]
[+] ./data/malware/88150367aa119b5392050799a6e9d2aa135d37a0b26d7055adac03c1e1b9b2ad
[+] ./data/malware/db3e29051639b1b843821283c2c361044f5e8f169e0390839fdaff10ee8f9114
[-]
[-]
[+] ./data/malware/cf301ae1dd3d8fdce27f624ac102a44349f2b9f24b25731db4406dadb103e884
[+] ./data/malware/7f4a849f041fc0c4b8fb8dc789ac3dd72d8de922515360326c890b96a099b57d
[+] ./data/malware/cc1944c6e3d3ab0dcfe4e9323b1c6906ec699be7aabae9b34791c0286b39b663
[+] ./data/malware/237f2e44426612eb410b1656547ca36ba608f653911c18d3bdd5377774007053
[-]
[+] ./data/malware/05f0e608c8bd180c20465edbf2ce63900298d79f178e474774b9b205f23a255d
[+] ./data/malware/53e2b6a7f41c6479a40ee20a0048b0e0f851b85c051a38972efb06cf065430e5
[-]
[+] ./data/malware/928dca2a8beb02fc52cc5e82bf47d7cc7c14f394ecd4d976b75a9d9a24131bb5
[+] ./data/malware/9c790e52f85186e54147c1bc6dd5aa324107979d88f482b26514dcb3a280dd68
[+] ./data/malware/10884471bd86e199f38dd97ea1c207bfedf5cc0ce5e7ebadb5a78b52a0776bc4
[+] ./data/malware/77b33050c0b300f64858371f2fdb46e56c721cceecaacc40b0b5d16b0846be18
[+] ./data/malware/1832274845811b18784a09623839bab7a7efb1fd78fc882937caa7e3cb6046b6
[+] ./data/malware/7c70e55ab01df14bec956cc869223f3ce231fb3828c2ac08996c4a9953ef02f4
[-]
[-]
[+] ./data/malware/c68e9f3d0ff98f04b8c1e9ffd0c3a67781bf4b2984e8d17231822883e0f36df5
[+] ./data/malware/e411e9caad9f33646d3a4736da6420ef814a615fe8e5e6643b3e0a873e2c5209
[+] ./data/malware/03d8af28ecdfe2fc392f2d0e9260706debec2e72fa7ef5e9bd492768325c2ea7
[+] ./data/malware/0d36a4a97dcf7962f0670d09fc2b15c5dea7eb2d0fcd3ee00275fc8896d018e4
[+] ./data/malware/8215ca9e02357b4a0019f8813a658a26adbbce59ae3bafb963bfbe0cec81db57
[+] ./data/malware/9e73b9588d3b21bd8ed27ecb57c6381c63b4a6d55b9ea5a668ee21b85d35cbd3
[+] ./data/malware/318cba67eaf945c667019f2d3d5a88f4850d27aa153e8718668c60debb54a2b4
[+] ./data/malware/53d7a3530e71c5c0d5a1e8fd9456ee6a49e39dbbed6b19044a6b15855b8c0b3c
[+] ./data/malware/a0ce718c6ffa64758bd705863fa40374d57504f8e327d7dad45b7fe0992fc25f
[-]
[+] ./data/malware/4e903131653f2203f82e82ee3df903360ad59b1d574e7a6dfee6f5cd63b26a35
[+] ./data/malware/5d415f30075b6d3c3f65205e049ff1fe89115bda7e36ea162b85b10d3e08aefd
[-]
[+] ./data/malware/8233bbc061c7bec9a7fac1b87922847f9a2ace0f950a7f6cd404c76addfc65db
[+] ./data/malware/0c2d88e35e35ad495009f2dd2e0f467211297bfb4306eea06cb8d78decffcb75
[+] ./data/malware/4b918308a9548fef214a00d9d332378a92132d9247d3a2f0e9230ec59137f4eb
[-]
[+] ./data/malware/2fe57b9024edd2c1c5c35dd1f03f88d45c194dd00bc7be12ae7d82a2a18a2e4f
[+] ./data/malware/b90c45b593caa67d5c686b4c0ae43364be4fedcaf801c57cd08b39c8f66bc1ab
[+] ./data/malware/7118f44277e560fb597c02d33d0fe4eb1ff69204b49da88e526c5f1e63bd0adc
[+] ./data/malware/3e814b46804787fc22a09b5915ebffa456317b7425df9eaaaea727fab2e85b01
[+] ./data/malware/c83263d852ec6c0c891bd2a281e45aaed3332dfd33d289eb78a55ec6f464337a
[+] ./data/malware/29be0cae71c8a88a49726327c7a04eec03eb96becc5bbbed4d0e07b80637d0df
[+] ./data/malware/180bb3a0e1af1f22fdb59d1fd565e80777d761e1c08adab92e9010e789c2be69
[+] ./data/malware/cc7fed7020ba9aab671fa3278d4ad530d5046d69fe056d638691432f5936cd2e
[+] ./data/malware/9fbb168a5cd5922e85ef5c8ee8e895f1a666991be6585a440c11bcadd84c93fe
[+] ./data/malware/8baa06d7d12f114b97e7fa41cedacbc6ea43b8ba506eec76328eee1c56c8f9d0
[-]
[+] ./data/malware/6157fb7d72639cd60ea8c162222b58bcfca772182e1c8ca5fcba07ab8cb14e32
[+] ./data/malware/3344c73616af23482450024453d7f88fd11e1cb2e7f1972b5ac406f4532068ce
[-]
[-]
[+] ./data/malware/9f9c723f70673656a68ba5f47778757d7a27bfe6f21bc78005107e19e737ab5e
[+] ./data/malware/202377640777e1416e1c6082eb4a2a885c14a70cfb26556eb881de173a3174f7
[+] ./data/malware/ca8a48fb04c2af0d2ff09b880fa81a518b6caae6abf7b0e91eb402899687f8fd
[+] ./data/malware/06ec5432328675ec67fe6b4ec9876ad4b21c7e3ec6464cc5d413812d65e3a64a
[+] ./data/malware/e65f6131d5e50cc106a826249cb157dd5d984f219a7f68ecbb0d19e1f29dafdc
[+] ./data/malware/694d2a24f641ab5379049d579f8d382904bc400c7915e44aa8c0cb95b0957d1c
[+] ./data/malware/c577b542762b3c4f3d981eb2e0839fa2d7e7cdd52916390d77a334d40737678d
[+] ./data/malware/5e1f857866d58145c5a5791067214ab371c73849737497686c510f534c629557
[+] ./data/malware/59c232ac9a7c1893fe374c4833fa8b5962576fc4ef31e663c0782ab1cfcb4220
[+] ./data/malware/95e71beb42bf1c7c0ef0f08b57c9ace1b58c07661eebaf41e9b5607f9129afd0
[+] ./data/malware/8f759b877c2adfcb5a18dd58b755a1c0899e00d4d3296aa382138dec89749ba3
[-]
[-]
[+] ./data/malware/33f6cce599557993969af2ae7c1076a45866811ff8fab866ebdef69da7ce2c3e
[-]
[-]
[+] ./data/malware/3ef2ac6a6fd915f211f2c40a44c3065ce81720362fd00bdbc3bb47e003a3fba8
[+] ./data/malware/2ccab21121df27e4297f3d669f2b21267f1f3211e8fe09cf665024001ec53b75
[-]
[-]
[+] ./data/malware/60ddb0c3201897bcd98e9cf3aa8eca8851274ab77caec001c974d8864288e1be
[+] ./data/malware/388c4d430259d15ce9d9fe6e8abb79351538d6e1f2d4327d8c6497c7c486645a
[+] ./data/malware/2d14147c131afd39db6f868a0bf7d5ab5697b5eae497af5170c31d83287a855d
[+] ./data/malware/454991dd0268cfb691d38e28199dd7bbf47cba78d8d39b40cfc481b81db0ff07
[+] ./data/malware/35b8f943c86d3c6abc48613e94b80d8c7fdd7a61bcca1e876ba54e3436ca1fa9
[+] ./data/malware/a8187a33f878d4e526ad8284e6209e4f25d89ced88ca7a2efc7ef7fd6c3e7cee
[-]
[+] ./data/malware/c399978c5882e926f83d44095687ff604d34ba588b217cfffe38a9e5b9765b91
[+] ./data/malware/bc90bd9af3a38846f1f167db751f16b3a26a90bd6de2a20c48a75bb3b23b0547
[+] ./data/malware/236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3
[+] ./data/malware/017a1596c87a3ab76161666f34113ab8b16d1e5da7d535c705949d3a6b36398d
[+] ./data/malware/7d2022518de508a988bbf7495cdb27d4af9666c4f93d5bdf9aff979622255f68
[+] ./data/malware/1ebebe4cf789d000f700d89be46dbbfc2b1edca283dc4e2e46eeb0a6d1133144
[+] ./data/malware/e04031a7c2095b795162df0926bb9e4ec3685bbb817861102262b932e70ea0cd
[+] ./data/malware/9ee4a88c8e0594299d9d019dc0db5bfabb54fbad97aaff066fa866b1bb894f91
[+] ./data/malware/891e34f023cec5106828ebd13f76bbe5eb03c142da9c8ee14484403ae5fe2a07
[-]
[-]
[+] ./data/malware/7e78819f722261855ee6893500b68d2aa84e975b00cdce68c34bca821f8cad47
[+] ./data/malware/2b1bd9877ffb6f1422d2053e95b9acfeadae1ff4033553ce164d4150b31d04fc
[+] ./data/malware/bc1ea7fa981b02acfce1d92555d5e4d52f61be7b1b11c95a83d6555ac50aac9b
[+] ./data/malware/e647717985bf0a1c6b3e2464d4f95d2efe3b77801c43246bde45eae908b940b8
[+] ./data/malware/9ae1fb3abafca43545340aca63a736c4d0fab1fd8d4fbbd9f212f4e228220077
[+] ./data/malware/6262fdf0c20cde4333154d22fafccedb99856c1ab2dd0964c7dbf8892197d68e
[+] ./data/malware/d33e6b41a890d73d656e2bdd0663a9d28c75226796a069b861f63afe790d4ee2
[-]
[+] ./data/malware/12fd18ddc4b6e27d6f0a4db4d473d0f014daf76486ce2809be21e9507c62a316
[-]
[-]
[+] ./data/malware/5d9d8c129d9464885a9076159cb413d2d7c928ea0e2fe3a7b3acde77d29978fc
[+] ./data/malware/1760c643d8d0066f40e68659966d8e19e864299426605be40700a599be66adad
[+] ./data/malware/554c9b195c6a702569600de1148e3e5461fc92c75b45aed98e7d70218eb02df5
[-]
[+] ./data/malware/68ba25079b1394986f7208d6dabc272ae35d6578b9525d7470fe9560159ff943
[+] ./data/malware/dc72db959e60d3826e00fe1cf2ec668cb63871c230879e99eed66d6dbc553b52
[-]
[-]
[+] ./data/malware/93cfce739ea094b074d5e4fe11193ea8ed49946c83ddff480cdf5660a75eb689
[+] ./data/malware/124883126fb29d731189e33ce768577d2de4f70f34df60811a2d1925a4790170
[+] ./data/malware/3f842bd4ef9728e19a5f16177ecd9b351f9f55105cff731c86ec99693e67fd8e
[+] ./data/malware/b772ce40f992b0948e3c858b03d132377e62fb95568a7e100f56fbe64739b55b
[-]
[+] ./data/malware/4d29729cbcff4cfa719e6fec77c13da0de3f1188cd581e969b65acea30484a07
[-]
[-]
[+] ./data/malware/933c748e8708d6b463b04b1d9abaecfd32f514a364ba9e216f82940a5e813a70
[+] ./data/malware/ccb6f32b36f8d3dfd9ad6112ee763308d5e8cb6c0ee275ed5c329d07acfa88ec
[-]
[+] ./data/malware/1d911f1eb16af290edad1219a45875f30693d6a36af322934cc597f0073f6457
[+] ./data/malware/81f35dcd965dff4faaaa775075d80da22a5fdaaa4ff5d40188cd5341be6c778f
[+] ./data/malware/9655a5a20c18928a2d883b1bec10e1d443ec9a152efd4ecf008b88f886b967d4
[-]
[-]
[+] ./data/malware/1d278653e0cbe848bf17fe3f778cfa38e9a79a507a231b1ef76dd62fb69ac5f5
[-]
[-]
[+] ./data/malware/3fe4e7a0a80e574fcde544d9c8074b0cdd90b08f6451f566e61ac70cfe201fc5
[+] ./data/malware/9675bd6f09ee4488c0e0d90851d4c5ace8cd4cc7de084d3741028400808530b2
[+] ./data/malware/7d7f1860850f539a5fdf2374f8c1b0cdb77500892f5d0f7e4a39c629b7d4c16d
[-]
[-]
[+] ./data/malware/75430d49c67c6b69ac562d1a7455e38e32755a85919a9dbdbf4882d4dad70f96
[+] ./data/malware/86f217a88e15aba7dfb24193e4d86648c8e2da19336b38fa8502f47d724b2cd4
[+] ./data/malware/3773a767edad25f74163507049902b7b0a8e3a8c57b052bab00256d05aeae306
[+] ./data/malware/79dba6c641b4be28a7888f625e1c1faa849893c682256a8406026d22e9b2c8d3
[+] ./data/malware/8b12eef74fb877629679504b030117f4fedeb38d645e578bc8382441fe96572c
[+] ./data/malware/393cd0a96ed1dd5f44d004affb65e95406ed4af63e23ccd0203bb017888351fe
[-]
[+] ./data/malware/02d30c0c6aec1869906a97039b604a8d885e55a58c30bc6b70a833a4bcfe8662
[-]
[+] ./data/malware/26c7eabb7226dbeffc544d040e0d83c311c2b40dbd64044994686b37dc2a45e3
[+] ./data/malware/5c904dba6263766e9f388a26b383f165c10b4d06b12ae0846fa18a6a303ad03e
[-]
[+] ./data/malware/0e0120604f328252fbcd85d39747cff98a10b31bad25f97bcd69b3ba6aa213fd
[+] ./data/malware/39641f1c43c6eed90d045a9d660baea68ac990c4c3522662a0d36b225c6da3d5
[+] ./data/malware/01edb51ae3d6d79dd1b57a3a2cf84ad082f2a12cad2877c60e7dbe96ff251b22
[+] ./data/malware/01f8fad499ebd1017200eb5673d21e82bbcdfb0c382f49929a62c14c796a5225
[+] ./data/malware/23b091fc7652eb5680b2fa4373a36e8a640ddb6e555c33af29f2842e10912581
[+] ./data/malware/5abc656d62b39862f29c82a27b788d46d8144dae3c5a8e4b87a3caa72f76384d
[+] ./data/malware/5896d527fecbe9b1068b5e6804769afb6208e771fb9870d6357d60f56855d3d1
[+] ./data/malware/ea29b59d8a7e9328c8d4fb105a42fd9cd57fc067dd079876e6028a308fd5c342
[+] ./data/malware/5976f122d6529e5ae60eec259a850fcf56e6c8820954e2579893aef5ae3352b7
[+] ./data/malware/b26ded71cf8b913756047e1dc0719bc5e2c37905ae5819005b29f13099e6efed
[-]
[+] ./data/malware/b132ea55ec4bc8cbfe95f72691d4ab3c49fb6b49603961ade03e9eb276cc9794
[+] ./data/malware/8d024914617c100051c788a950b3f5aedfe18152cd705f53eb6b53f6718be2b0
[+] ./data/malware/426020715f5ad14545ba39bc32577394acee42706c24a9c8e79347af2fd407d2
[-]
[+] ./data/malware/2e06d0ebc006b7abb206a5e3ecb56cb3162404656eaaafe95c2b95bec7669669
[+] ./data/malware/101c285300edf78e1a4222032c0295908257c28c868aba6f019358e14ca2fa12
[+] ./data/malware/35762d897761aa383e755eced4845e8a2effd33947843ecb2ccbde4aa17253cb
[+] ./data/malware/d406fbc2107aaf9d7803865be129f490247f79efcd3de32e6f60a65923f4d5ba
[+] ./data/malware/9613f2048b7c2609e03830d5f32c5395fc2181d5e96ca80fd76826488fd00f7c
[+] ./data/malware/8d8bc961be5ce00d10d7b4840d72885701cc20bfe08cda04c66f74d1a7706e67
[-]
[+] ./data/malware/a9932f82d9992e82f4dd46434c84834677a5d83d56c8339449cf12d5281f0fd9
[-]
[+] ./data/malware/535885cccbbc206bc77bec26a8cf2cc70dc2fc005b0daa46b347083931894b45
[+] ./data/malware/ad9d39e35f76538955913d9ca5cae6351b6a59f90396fec211c6ffbc2745a33f
[+] ./data/malware/c4ae92b70d858b90547ecb897469e75fb264645bd1369a68520512cdfabbfd76
[+] ./data/malware/4f1d180079b3c120650b23011e9cfb43e9d3f5f5f67fb48432f26836db3de9ac
[+] ./data/malware/3c57c336abbe953ab379eebc319482f933373ede8f30ed8e0215f38393873ce1
[+] ./data/malware/9a51eeddcba8cabab631b00ac3f324dd4e1c0b330e06ce6a79c724feb5118bb5
[-]
[-]
[+] ./data/malware/c42596870b532f86a28660158f5ea35a79c8edd09ee34677c7f95d36c04b08d3
[+] ./data/malware/8ffff484598e90767e96e7fcdfca37c82d1808bb5ea30d281ce8784ee164eb55
[+] ./data/malware/5087c7445e36ebb0a746a6961c39dd78d1d4ed8d2895e25abaae05413c3be8ea
[+] ./data/malware/3c1ffaf975a7aa8380f6fc111ba26476eed90008946d5de788cd50ec7a6b66aa
[-]
[-]
[+] ./data/malware/40036495b493e07d34b22e6833b063d5edb882f8f61c635b1c6064334d0d76f3
[+] ./data/malware/47851153e1efd092eafbfaae15b18f20bb8cd699cf1062ed7c11e43c4181a78c
[+] ./data/malware/437185de0cd49a605245b494aa8a6305375b5f067a2d50fe2a80198271b67e7a
[+] ./data/malware/b3debb87cda70761f234387c0bde1dcbc2f97d1da454ccdd3fcfd78626bbcb58
[+] ./data/malware/bababe21a23c67430c69484ec92c24710f561c20c3e8bc7a75a7cc6d9478a659
[-]
[+] ./data/malware/3826ea17aad6bc70c25325cbc5084933add96972498d4a17d780ad5d33b0e165
[+] ./data/malware/3e09126bb9245f524be55e3ca1ac11e26b8ecb26f455fe8d6fef90d78b35e259
[+] ./data/malware/c1baa34573b5b257f50e4998bd4eae72c8359ea93971af6be31f7456236165b5
[-]
[+] ./data/malware/85cb89dc3eb35b4088013d404979718ef2767cabcfce5269335126c89e80edd5
[+] ./data/malware/c5c86b23cc0352cfee11e7062523d22557619a2b45f2f8ff9da0ba96c89934b1
[-]
[-]
[+] ./data/malware/5a78cbd3d93d3c418b081baf415f9fe087c1b4d8a9a7aadb610fa7f3cb16ecc2
[+] ./data/malware/d87b37d5346312ccf3b629d2911c8c4802fffa4ad20bfb001ae85cff1186320d
[+] ./data/malware/e9a94221d0cd8c2716ef8d6157f587b2fe6d09e128885bc54015663cc39c0edb
[+] ./data/malware/a193b194595166df6fca3c960514d9e269de66d671119736f7a3336342fd5297
[-]
[-]
[+] ./data/malware/5fe50cc188551b4cb9fbfc89d7e3a3b66d5c3ab188003f602d8661f43e29b90f
[+] ./data/malware/0233b7eac732b159543513b9d148ddd5dcc54548be2867bf050fa3ff5f605064
[-]
[+] ./data/malware/743b1b48a92948d3a9e3f813d97f028f270d5bb5c7e1a535ec54fc3fa954014b
[+] ./data/malware/8a2a17170695e4e86965805df82c692804d1ed4335f504411fecc4101a109092
[-]
[+] ./data/malware/c9f177cb1800ef6ccc4b40cc9bc3de00745cd6b2b20ae49b6ce046d83b9e2b0f
[-]
[-]
[+] ./data/malware/22d47a69e5a223b6afb8eec6b893c780048cc0c4ce950a306ba8fe54caa1b0f7
[-]
[+] ./data/malware/36f6591c97f2ee32237077895f909f4c334a6ec164f460f2055fc870066245e2
[+] ./data/malware/0a0faa8e09269ec70fa16a3e2d27af5649b0e819525bd390e4d44fe9a604666c
[+] ./data/malware/03ccdc44982eb7cc3b64951c8ae287c5f79ee4edb8d61b0b084eeca84011264e
[+] ./data/malware/76de637a182f73a2f5d07dcbec95eba0b36bde8e0368281f0a8884aef390418b
[-]
[-]
[+] ./data/malware/9a2fe26b7cd6e7bbcb176e2c91893e2061ae9c094a225ed979cfe04c487b8f52
[+] ./data/malware/767a72c288c1c59ad66cfde80ee8a9f87c1e19c7366742d92930ec3b8e9dbf30
[-]
[+] ./data/malware/f3941074c899374b4b8c538d2fd93bcf7351686c3178e083271a8df919b611ae
[+] ./data/malware/7e4dfa13677374119405398ca669bf86e6c34449e7bd5396579c9460cef800e4
[+] ./data/malware/2df9b94ab21d882f6c9caffcf03dfd910786fcf62ec2dd161a1fe435c0d7a9a4
[+] ./data/malware/2512ec4c9e7b9fa27df463b70c22867ea87896a68d24854a8f10fc4da1a6bd1b
[+] ./data/malware/7ed0eacdb5e1cf0797178e509d167d9c1215a1c1ebd6725cdb70b51d64aa0d43
[+] ./data/malware/c124f107d52fb1a85d1b5ccf3e6a4212a531f3dd4b2edccbcd04fcc83a0b9183
[-]
[-]
[+] ./data/malware/8fc4dd78f6a1414aeb523bea862a08acedb942e16cb43e823d4196f6a3745a11
[+] ./data/malware/5a00ec85e0de347e52e9431543e7e19218994498fa561f07928f15b906afebc3
[-]
[-]
[+] ./data/malware/d48a02d1d7ada67611a777be64dbbaacd57924f9ff0a8eaad1972547f9569256
[+] ./data/malware/b65c03b9325bbf1118ad00b4bb42d2db0570a89c865fdeb6217e76b4d3bd233a
[-]
[+] ./data/malware/16866b1e5201d4d3a8a63100fe7fd6d74fa36b5648b3bcd4e12267f8827f597f
[+] ./data/malware/8c4b8684f7fbef3e4cab7a47039f8c972af5b73c01f39bf9f4adeb0d5653ad8e
[-]
[-]
[+] ./data/malware/59545ef5eb03e6eb4b43a9d329d8d43617dd8b146c59203895148bd1b233deee
[+] ./data/malware/25b03b6520ebb0d532111143b88a4271ba0cdb3beb485b2980d7dc5d92b39fa8
[+] ./data/malware/a6f4774156de36bc935597ef020c65f2d6e24cd48be08b6e7f98b19555ee3b4f
[+] ./data/malware/2cf222d489e7a9a44ec6dfa5e928e3a6b58226c31a7fe9d9230384446f955607
[+] ./data/malware/b5e99027aa834d9ca2380f2f3d95be48a3a22781c022f61f5a346972bb509aef
[+] ./data/malware/5096df319af5515306f8a2c4ecc8dec38448c2c6fd6facf23627c351667eaec2
[+] ./data/malware/e10cb9994f890c8bd6f49d2e07d0a4e7284ff083849aa000c903c0f8aebe2654
[+] ./data/malware/9fd050b81dc2c947a7dc91be54232a34dab8149c4f59269f4164b42af73747e0
[+] ./data/malware/8ce91d16ec31d8bc1672cb396ff8311008e127f5ee3c3f7978c599daae67f93e
[+] ./data/malware/77eb4a110d4a18546bb537af46d5dd3d73036a0b90d5d0b63f30c164550596f1
[+] ./data/malware/ceac9a8c206ac4cebbfd3b5efd67b3b92ea13239d910bd65429db87cf65a5440
[+] ./data/malware/bc5e01e8165907b958dfab9853b533b7c0e8a1f6baa1db56dc6a7a3ae2150e78
[-]
[-]
[+] ./data/malware/2afc4a24f024b8698642ce8d75aedff9fee94d9ec4e8aa444997d2833bb60da9
[+] ./data/malware/43e96f8797d4711ca8270d0e41d1920aa4bd5f465b29825e39de60f43ad6b39e
[+] ./data/malware/9a989717d12a3027343c842b2d72c023da7099d97639cfbd39041c1dfd0308a0
[+] ./data/malware/19ce03444ec992ba7a4e288b7e5e006523454f2c11c4fb87110606a26df06bdf
[-]
[+] ./data/malware/0dd9d3e39ad88f5bd2a47749878dbdeee30e9e16f6a9476edd0677c284cbb7c2
[+] ./data/malware/a747ab0ad442e17582607bdb5850644a17b7a058de6b9e5a2205a6a6569ff8db
[+] ./data/malware/d45e0b77ce387170298c6adff9097cfdb68ed5a38529cecf5a51b6b642ccba36
[+] ./data/malware/6abb95578c8f3341ea170e2184e56235644889281700a841e61d65fe45b80519
[+] ./data/malware/dbfc34f278a4e41267214e1fdcbbd28ec63d4054f546e01e5832cec3d334d135
[+] ./data/malware/1882a8ee3959789ccd6710cef5fde654d5d95d8fdc13de9b5eea485b5e06dfd1
[-]
[-]
[+] ./data/malware/14905373243166ea424db6c3b4923c1882fa92d637713fc8c681cb9ef5c36c6c
[+] ./data/malware/7316d366eec3da9f0757bceeacccbb4c8595bf08288bfa9db6b8ae2228899df4
[-]
[-]
[+] ./data/malware/733c43ff38b7c341f2a0f064ef3f0bc4200a33c9533b9fc558a4fe35cd39d3eb
[+] ./data/malware/8d1c9039f23e3a53e848567cefebcf8009f5218984c9c741aff363bfce102476
[-]
[+] ./data/malware/6334f6cd2af17fec522fe6443f05acecd002e5f52c86e516aa5b54fcfcebd170
[+] ./data/malware/b16f45eecf032b997d3ffb7354b8c4f546f6dd792b6083ccc5fd1faadc8c284a
[-] File not PE: ./data/malware/c43f61289cf097bdbbc4b264d6356817652cc0407b38545847f4250e8cf6d99d
=> Zip archive data
Removing file.
[+] ./data/malware/68d003ae15085663b50f6fccd4df7cad70798bcc61b5f30ef670c2fbbb4084dc
[-]
[+] ./data/malware/29730548ef5cbd722c86f4cfcabb29173d38a7c538befc281cab8f96154b4655
[+] ./data/malware/5b0842bc78915d712da423587af2b2b17bc21c6ac6713d3b4c2b61daeb167165
[-]
[-]
[+] ./data/malware/7b605f40a203a30ba6bced92b1b731601470f92a64c7cf92f078376661ac43a4
[+] ./data/malware/1ab0d7ae73c5f0696f786efb93e8957b78b7c5195573aa0dff770b7e7794f4c3
[+] ./data/malware/79ff017c232af6dff43cc336cb17293cd9ab7281e85391d8282daaa670e2d368
[+] ./data/malware/8c452e159752e25efbb945f66af6ba563a5b14d1874b33814acb4d11d2e30981
[+] ./data/malware/4413aeef55e37168a42461af2b1b0f692b7517606aac072988757cacca2327a7
[+] ./data/malware/c7f78db6d8d18bb2bb0663f2736599345be8978ac58fb4532025169ff340e752
[+] ./data/malware/d47ef1b5ac5f5bdcdf43919733d7e3935f3c313ac36eacc45f0c875698114a03
[+] ./data/malware/56980b78247805c214ba8a5adaff6018b8ad740c2a5b3a5c8d50b0a676d0c8aa
[+] ./data/malware/73dfab2cc9307fb34cf75930b930963cc02be23f9e8b87cd87d50e2476cb74d7
[+] ./data/malware/3c943b88b07b0d6210dce1746769194d3104bf19a0a581d7a075b19da63cf19f
[+] ./data/malware/5a87d463ec341664142d5dfebce4cecdcdd3f8259b51f86d5f797c18d83b8f66
[+] ./data/malware/1e05bc15c50398089c5e2bebd15ddbc5c07e382e181041c575481a4f2a3f2e62
[+] ./data/malware/6b7b54a29b8ab08b35d1a0d83b49249741526e4f2153c7192b06ee90c443a9d1
[+] ./data/malware/8e65b8b0637a89688524906d9a58b4d6bb275b0f37f4a115745fa428a4a59e9c
[+] ./data/malware/74499aa52ed87c6a9a90e990236d7aeab061cfa0f12397689b2d0ee12410932e
[+] ./data/malware/cbc4cb1056b59d186ebc39de6647946e7b92ec1000872b0e4c9ec604c001ce06
[+] ./data/malware/2ea7ba53f55d1abcfb6e7b14c0b36ebc72ff38b4d1ec3603e1cabbcc752e86c0
[+] ./data/malware/ced21ce61a3c9150e46ad1f93ac225a5ee6116334d9da5ba443794db8708e156
[+] ./data/malware/28abf49b5af3909813357f3044a9c8b42c028e9b77fc82700fcf5a393c0c4839
[-]
[-]
[+] ./data/malware/436a5ff5a22780be7433312a6fd87b5ee1313b98edd7cebaf11a318afb19622d
[+] ./data/malware/6dbcf9b55a03cbbfd3009f53e292cc5975ffb1ad136ed00c725356772f09d4b7
[+] ./data/malware/0544d6ed305440899e82b793660f3fcee7bf585e3051c182f5550c6b9f8b8f98
[-]
[+] ./data/malware/38c1eaf41dbf8251bedd53a58636c97372f818ebbe76b97ef427d72539d26be6
[+] ./data/malware/38ff98c056b705492c12a757149563a42b12c43208ea92f9c308b2f187becb74
[+] ./data/malware/d23bd82ae5878a946625d7a67921962e4e3304cdeda5bc47e402955a76aa8718
[+] ./data/malware/7b21ee388157d64dbcc44d263ba6e62d633bdd64458a4452d1b5743636684231
[+] ./data/malware/3c2f3f730ba452ff1cfef86d0ccbc09c411fb45eaee7861ba5fc66b880fe1c3a
[+] ./data/malware/73d807dcf7103b8dfadd56db747508cbe258081a8a900989285679999bad11cc
[+] ./data/malware/caf50ae6b130dfccdba999fe9d93dbc3dc75066b499835715ddd42443c8d9786
[+] ./data/malware/8fc2784ac119e5bd441218c7e43268977c6a5d63697d43ea9a21a929ac3ab76c
[+] ./data/malware/dba7b30682401e40fea5a14bc858d934261459a0e274e274f38844a3ea36bd6e
[+] ./data/malware/c4034813118d49aca0f8be68e264443521289c627ddfd5751bd5728a974bf0d5
[+] ./data/malware/bf06b816fe16e915592447c042bbb529cfc6ac382a4fc62010e10f15d3252ef6
[+] ./data/malware/180f76da669e8447edca155c3054b7b709885b026fbe5d5965201ffb16500172
[+] ./data/malware/dd7a51df679e9cfa4609eda781fcf520dce1805d0da3e8d243140374c3619ed8
[+] ./data/malware/54c8cc1327e27d1bdeeec44614e02ee6337ca51b558f954d9f14f47f704d8a96
[-]
[-]
[+] ./data/malware/86cf13cfd08d945dc516114939d559c9450bdd1867d94fa64757f1aff8d86911
[-]
[-]
[+] ./data/malware/bf9ef43f775cf2f049af6d24061ecad790e88a64725974f26f9cccc3b07e18f3
[-]
[-]
[+] ./data/malware/78403bfde2a779dc530d623820d17e6d050c316d7f68dba980b49e7b9d5856cc
[+] ./data/malware/0dda4832bfeddd2261634aa12928a5215860c4b090e45af36aa159ea325e6f70
[-]
[+] ./data/malware/8d0fe069c2619751dbc3310506c28afbe45288e37e4b92b51818e200d03a80b3
[+] ./data/malware/368fac9a24d0b544c9a5442e2666913e261d3cd845a0ef1646b02f206600348b
[+] ./data/malware/aa4f391dcc0de9fc1c27c93ff94f47e1a5185c046bbadd4d9fe5f868d24793e3
[-]
[+] ./data/malware/6cdf96b602ec10e4a9a713e471711c4fed02af7d40d435c484d9e55a045e6ba0
[-]
[+] ./data/malware/88cfe05358c1c44a7cc5ff09b30e0fe58c73e58becc724b04aceb9e4988cf920
[+] ./data/malware/28bf19434e6a2fd5cec3632784576d42b3d67135eec47d72db0cda2800b27814
[+] ./data/malware/68142e058d6123c0e2e6a623189eb5d7ccfe59dae52dca751db5c5600d31e446
[+] ./data/malware/75420d9f3fa29fb6e99c4affbf6adcc03fc2b375034e443db88f4b7c0b622125
[+] ./data/malware/b78038b0f8943d5ab243462f7b9d0e99eb1b0eadb1737d8cb65f595e8733e2d3
[+] ./data/malware/262f4534a3f41a1d00ccab7cb1ca330a6c39204529e650d95bf168d3be52307d
[-]
[+] ./data/malware/2ae130e8471de572550f425f261de6369fe5784a7423a3f9488bd3807f4ec581
[+] ./data/malware/d60a769c000fd56bf4ad4728adf36afe46073337f4e8deafa2a834c0f8289fd5
[-]
[+] ./data/malware/709401e49372ea0405b9d1ac37daea5ed499469c245012baa3d77e6b3864cfb3
[+] ./data/malware/74c3c9a4e6728191382470d0d70fdc8eeb74e5a2ed941cc34e9f7146a527480c
[+] ./data/malware/35b97b759d6ce90ae6d2d3da6131046035020383cf5cea2a5d59510f3fc1d9d7
[-]
[-]
[+] ./data/malware/432a06c4bbe435c375f23e00b7f5d682fb93d31fcd082717e116dad2628eb4f2
[+] ./data/malware/bcffc6796f0043c354635b9b961798239b1c8f0c0cae3b910b45dc67a35c397d
[-]
[-]
[+] ./data/malware/85f4715ee748efac042d3dda901d39c539d02b7e592e62a2501547c0a7da0b10
[+] ./data/malware/5bfe3a260c9473b51f584505b45e3b4c6e90b412b303f792ed35b8e6920c4b9b
[-]
[-]
[+] ./data/malware/20bf7eb38d34e46099e08eb3394383f1c0ed21686b89d3c0ae74829babdadad0
[+] ./data/malware/c11c5e4489f95b42753fb0e1e80020979b61f797255d61c31ce3094918f6c4e6
[-]
[-]
[+] ./data/malware/3cec9b0e4f60895cdad85e8190352662edebe353e4dab4a5f301376b81b5df1a
[+] ./data/malware/3a26abded2c4305dd780912d5db949dfcbfdbb41f7908478a97b625d304821aa
[+] ./data/malware/28f2f64d13fc0f3ff2f5676da7dfc021b0d860d29ab2fd566574c6bbf9d5e0ce
[+] ./data/malware/1191213732f83276ce81fbd85549c6af72b22bba43fd9eb7524ea220a6eccc5f
[+] ./data/malware/785bf15195704996029556f7926a27e0a77a579d723e2a8b2e85648d230bd676
[+] ./data/malware/eb94ef1c22bd34c0ca2187024eca4aea3cd063c223f3d37889e08813774e5179
[-]
[-]
[+] ./data/malware/409ac4598eb81fc8270e64d97c76e506d79ad88cecdd2ca0c528f17d51082741
[+] ./data/malware/c10b0bc20c69fe389891addf684fcc5bff678c1de3da05d8c90f492d3d8df547
[+] ./data/malware/8b4518ded714b28dab43e8c4cdc97611e074841d26daf6759a0dc613285eab0c
[+] ./data/malware/3365106f1cffa97b4f92c3f5345baf665e586a1cdc40db759ab09781676d1996
[+] ./data/malware/7c23c35d46cec1b80daa31cae3e40784970dd812c32a4c0e043c75a06a0477f5
[+] ./data/malware/53d8fb74b81b035f85ac1336ee841988b512682f1e46eb843c33185a3280f7c1
[+] ./data/malware/63ce11e3c93db194fbd2bb199f440fb0f262ba519deabc922a3bb4fc66ceadff
[+] ./data/malware/b69544a8f8136e0292d56c5150a2cef176488cac5c2ba2daa4cb613034098a93
[+] ./data/malware/1baa26354e41f811119b4c61a64d156d3c05f7b60f97976110fff40db3e24121
[-]
[-]
[+] ./data/malware/8dc6f38e8dd0746c1295609d7ecd5ddce04fb49549613eaf6603739a514a9e82
[+] ./data/malware/0c55fe68032aba40d00f7b41602720a71e265555a61332934f597040fa6dd167
[*] Malware PE information:
{'0004cec68fdb95507c6161d84e4965db60f997a679ce20786075992f1e5b340c': {'AddressOfEntryPoint': 1073962461,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 155648,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CreateProcessAsUserW',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'GetStockObject',
'KERNEL32.dll': 'OutputDebugStringA',
'PSAPI.DLL': 'EnumProcessModules',
'SETUPAPI.dll': 'SetupInitDefaultQueueCallbackEx',
'SHELL32.dll': 'ShellExecuteW',
'SHLWAPI.dll': 'PathUnquoteSpacesW',
'USER32.dll': 'SetWindowLongPtrW',
'USERENV.dll': 'DestroyEnvironmentBlock',
'WINSPOOL.DRV': 'ClosePrinter',
'comdlg32.dll': 'GetOpenFileNameW',
'msvcrt.dll': '_strcmpi',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['GetPrivateProfileSectionW',
'CopyFileW',
'SetFileAttributesW',
'GetFileAttributesW',
'Sleep',
'GetModuleFileNameW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'GetVersionExW',
'TerminateProcess',
'OpenProcess',
'GetFileSize',
'GetTickCount',
'RemoveDirectoryW',
'SetEvent',
'CreateEventW',
'GlobalFree',
'GlobalAlloc',
'GetCurrentProcess',
'GetProcAddress',
'GetModuleHandleW',
'VerifyVersionInfoW',
'VerSetConditionMask',
'GetCurrentThread',
'GetPrivateProfileSectionNamesW',
'CreateMutexW',
'ReleaseMutex',
'WaitForSingleObject',
'UnmapViewOfFile',
'MapViewOfFile',
'OpenFileMappingW',
'ProcessIdToSessionId',
'GetCurrentProcessId',
'CreateFileMappingW',
'CreateDirectoryW',
'lstrlenA',
'OpenEventW',
'GetSystemInfo',
'GetExitCodeProcess',
'ResetEvent',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'WritePrivateProfileStringW',
'DeleteFileW',
'GetLocalTime',
'RtlCaptureContext',
'GetStartupInfoA',
'SystemTimeToFileTime',
'FileTimeToSystemTime',
'GetSystemDirectoryW',
'ReadFile',
'GetLastError',
'_local_unwind',
'LoadLibraryW',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'FreeLibrary',
'__C_specific_handler',
'lstrcmpW',
'lstrcmpiW',
'WideCharToMultiByte',
'lstrcatW',
'lstrcpyW',
'GetPrivateProfileStringW',
'LoadLibraryA',
'GetPrivateProfileIntW',
'MultiByteToWideChar',
'lstrlenW',
'CreateFileW',
'WriteFile',
'SetFilePointer',
'CloseHandle',
'OutputDebugStringW',
'CreateProcessW',
'OutputDebugStringA',
'EndDialog',
'IsDlgButtonChecked',
'GetWindowTextW',
'CheckDlgButton',
'LoadMenuW',
'GetSubMenu',
'GetSystemMetrics',
'TrackPopupMenu',
'DestroyMenu',
'SendMessageW',
'DialogBoxParamW',
'CreateDialogParamW',
'CharLowerBuffA',
'LoadIconW',
'LoadCursorW',
'RegisterClassExW',
'GetWindowRect',
'CreateWindowExW',
'ShowWindow',
'SetWindowPos',
'UpdateWindow',
'GetDesktopWindow',
'GetWindowLongW',
'GetWindow',
'IsWindowVisible',
'EnumWindows',
'PostMessageW',
'GetMessageW',
'SetWindowTextW',
'IsDialogMessageW',
'TranslateMessage',
'DispatchMessageW',
'PostQuitMessage',
'DestroyWindow',
'DefWindowProcW',
'LoadStringW',
'MessageBoxW',
'SetForegroundWindow',
'GetDlgItem',
'BringWindowToTop',
'GetCursorPos',
'SetWindowLongPtrW',
'GetStockObject',
'EnumPrintersW',
'DeleteMonitorW',
'EnumMonitorsW',
'EnumPortsW',
'AddPrinterW',
'DeletePrinterDriverW',
'AddPrinterDriverExW',
'DeletePrinter',
'GetPrinterW',
'GetPrinterDriverW',
'AddMonitorW',
'GetPrinterDriverDirectoryW',
'AddFormW',
'DeleteFormW',
'OpenPrinterW',
'EnumFormsW',
'ClosePrinter',
'GetOpenFileNameW',
'SetSecurityDescriptorSacl',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegDeleteKeyW',
'CloseServiceHandle',
'QueryServiceStatusEx',
'StartServiceW',
'OpenServiceW',
'OpenSCManagerW',
'ControlService',
'DuplicateTokenEx',
'GetSecurityDescriptorSacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetSecurityDescriptorDacl',
'InitializeSecurityDescriptor',
'QueryServiceStatus',
'OpenThreadToken',
'FreeSid',
'CheckTokenMembership',
'AllocateAndInitializeSid',
'CreateProcessAsUserW',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'SHGetFolderPathW',
'ShellExecuteW',
'CoTaskMemFree',
'PathIsFileSpecW',
'PathRemoveBlanksW',
'PathFindFileNameW',
'PathRemoveBlanksA',
'PathAddBackslashW',
'PathRemoveExtensionA',
'PathRemoveFileSpecW',
'PathFindExtensionW',
'PathRemoveExtensionW',
'PathUnquoteSpacesW',
'EnumProcesses',
'GetModuleBaseNameW',
'EnumProcessModules',
'SetupSetDirectoryIdW',
'SetupOpenAppendInfFileW',
'SetupOpenInfFileW',
'SetupDefaultQueueCallbackW',
'SetupCloseInfFile',
'SetupTermDefaultQueueCallback',
'SetupInstallFromInfSectionW',
'SetupInitDefaultQueueCallbackEx',
'PropertySheetW',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'vsprintf',
'strcpy',
'swscanf',
'wcschr',
'wcstok',
'sscanf',
'isdigit',
'iswdigit',
'fclose',
'sprintf',
'fopen',
'memcpy',
'rand',
'_itow',
'_wtoi',
'atof',
'memcmp',
'strstr',
'wcsstr',
'wcsrchr',
'_wmakepath',
'_wsplitpath',
'_wcsicmp',
'towlower',
'memmove',
'wcslen',
'fprintf',
'_wtol',
'toupper',
'tolower',
'ceil',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'exit',
'_acmdln',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'memset',
'time',
'localtime',
'_vsnwprintf',
'_vsnprintf',
'??3@YAXPEAX@Z',
'??2@YAPEAX_K@Z',
'strrchr',
'iswspace',
'strlen',
'_strcmpi'],
'LinkerVersion': 8,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 253,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 10856,
'SectionNames': {'.data\x00\x00\x00': 5120,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 49664,
'.text\x00\x00\x00': 148992,
'gr\x03\x00c\x00\x00\x00': 11264},
'StackReserveSize': 1048576,
'filename': './data/malware/0004cec68fdb95507c6161d84e4965db60f997a679ce20786075992f1e5b340c'},
'0024eec62931670946abd4240d38127e23b4c0c9321de43bc9af96804d30dd50': {'AddressOfEntryPoint': 37296,
'DebugRVA': 24720,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'storport.sys': 'StorPortDebugPrint'},
'ImportedFunctions': ['StorPortPauseDevice',
'StorPortGetDeviceBase',
'StorPortResumeDevice',
'StorPortLogError',
'StorPortStallExecution',
'StorPortInitialize',
'StorPortNotification',
'StorPortCompleteRequest',
'StorPortReady',
'StorPortGetUncachedExtension',
'StorPortConvertUlongToPhysicalAddress',
'StorPortGetVirtualAddress',
'StorPortGetPhysicalAddress',
'StorPortValidateRange',
'StorPortDebugPrint',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 16,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 1536,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1024,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 18432,
'INIT\x00\x00\x00\x00': 1536},
'StackReserveSize': 262144,
'filename': './data/malware/0024eec62931670946abd4240d38127e23b4c0c9321de43bc9af96804d30dd50'},
'00a02d154e7389d3a5fe572e9800f1628e74b8aabe4270f3282a8c0ab0951ff9': {'AddressOfEntryPoint': 1073916548,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 114688,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'EnterCriticalSection',
'OLEAUT32.dll': 'VariantClear',
'SHELL32.dll': 'Shell_NotifyIconW',
'SHLWAPI.dll': 'StrStrIA',
'USER32.dll': 'CreatePopupMenu',
'hccutils.DLL': 'FindResources',
'ole32.dll': 'CoTaskMemAlloc'},
'ImportedFunctions': ['LoadBITMAP',
'LoadSTRINGW',
'LoadICON',
'LoadIMAGE',
'FindResources',
'CreateEventA',
'MultiByteToWideChar',
'WideCharToMultiByte',
'lstrlenW',
'RaiseException',
'InitializeCriticalSection',
'DeleteCriticalSection',
'lstrlenA',
'lstrcmpiA',
'GetModuleFileNameA',
'GetModuleHandleW',
'IsDBCSLeadByte',
'SizeofResource',
'LoadResource',
'FindResourceA',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentThreadId',
'GetCommandLineA',
'Sleep',
'GetStringTypeW',
'GetStringTypeA',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'GetLastError',
'HeapSize',
'HeapReAlloc',
'HeapCreate',
'HeapSetInformation',
'GetStdHandle',
'WriteFile',
'LCMapStringA',
'ExitProcess',
'LCMapStringW',
'FlsAlloc',
'SetLastError',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'GetStartupInfoA',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'HeapAlloc',
'RtlUnwindEx',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'CloseHandle',
'GetVersionExA',
'LoadLibraryA',
'FreeLibrary',
'GetModuleHandleA',
'GetProcAddress',
'WriteConsoleW',
'GetConsoleOutputCP',
'CreateFileA',
'GetLocaleInfoA',
'FreeEnvironmentStringsA',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'WriteConsoleA',
'FlushFileBuffers',
'GetConsoleMode',
'GetConsoleCP',
'SetStdHandle',
'SetFilePointer',
'InitializeCriticalSectionAndSpinCount',
'TerminateProcess',
'RtlPcToFileHeader',
'GetProcessHeap',
'HeapFree',
'LeaveCriticalSection',
'EnterCriticalSection',
'RegisterWindowMessageA',
'IsWindow',
'CreateDialogParamW',
'ShowWindow',
'GetDC',
'GetSystemMetrics',
'ReleaseDC',
'PostQuitMessage',
'SetTimer',
'KillTimer',
'SendMessageW',
'AppendMenuA',
'SetForegroundWindow',
'TrackPopupMenu',
'DestroyIcon',
'DestroyWindow',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'SetWindowTextW',
'wsprintfW',
'RegisterClassA',
'CreateWindowExA',
'PostMessageA',
'DispatchMessageA',
'GetMessageA',
'DefWindowProcA',
'DestroyMenu',
'FindWindowA',
'SetWindowLongW',
'PostThreadMessageA',
'CharNextW',
'CharNextA',
'GetCursorPos',
'GetWindowLongW',
'GetDesktopWindow',
'CreatePopupMenu',
'GetDIBits',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'SelectObject',
'SetBkColor',
'BitBlt',
'SetTextColor',
'DeleteDC',
'DeleteObject',
'RegDeleteKeyA',
'RegEnumKeyExA',
'RegQueryInfoKeyA',
'RegSetValueExA',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'Shell_NotifyIconW',
'CoRegisterClassObject',
'CoTaskMemFree',
'CoTaskMemRealloc',
'CoSuspendClassObjects',
'CoCreateInstance',
'StringFromGUID2',
'CoUninitialize',
'CoInitialize',
'CLSIDFromProgID',
'CoRevokeClassObject',
'CoTaskMemAlloc',
'UnRegisterTypeLib',
'RegisterTypeLib',
'VarUI4FromStr',
'SafeArrayGetVartype',
'SafeArrayGetLBound',
'SafeArrayGetUBound',
'SafeArrayLock',
'SafeArrayUnlock',
'SafeArrayDestroy',
'LoadTypeLib',
'SysAllocString',
'SysStringLen',
'SysFreeString',
'SysStringByteLen',
'SysAllocStringByteLen',
'VariantClear',
'StrStrIA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 179,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2552,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 5632,
'.rdata\x00\x00': 29184,
'.text\x00\x00\x00': 107520,
'ӻ\x02\x00c\x00\x00\x00': 2560},
'StackReserveSize': 1048576,
'filename': './data/malware/00a02d154e7389d3a5fe572e9800f1628e74b8aabe4270f3282a8c0ab0951ff9'},
'00aac566d9664b844e5d7ae641c58131ce59deced312236f4299638356484fa0': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 149376,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 149504,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/00aac566d9664b844e5d7ae641c58131ce59deced312236f4299638356484fa0'},
'00cb557ec3c36d07f27e264dd6bffb6c858a3d9568878db3fded2a0bd0f9fe3b': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3492,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/00cb557ec3c36d07f27e264dd6bffb6c858a3d9568878db3fded2a0bd0f9fe3b'},
'00dbc9c0db2020a47a7833740b12141c6c865510f67eb5b88d6d5f0a7a833268': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 215096,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 215552,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/00dbc9c0db2020a47a7833740b12141c6c865510f67eb5b88d6d5f0a7a833268'},
'00e77c92f5584c245cb6422a37028c47f232fa3fadb59b493bc7f4bd28df70cd': {'AddressOfEntryPoint': 53248,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'VirtualQuery',
'USER32.dll': 'wsprintfA',
'VERSION.dll': 'GetFileVersionInfoSizeA'},
'ImportedFunctions': ['GetWindowsDirectoryA',
'GetProcessHeap',
'HeapAlloc',
'WinExec',
'HeapFree',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'GetVersionExA',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'LoadLibraryA',
'InitializeCriticalSection',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'wsprintfA',
'RegSetValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 68,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 3584,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 9216,
'.reloc\x00\x00': 2560,
'.text\x00\x00\x00': 22016},
'StackReserveSize': 1048576,
'filename': './data/malware/00e77c92f5584c245cb6422a37028c47f232fa3fadb59b493bc7f4bd28df70cd'},
'017a1596c87a3ab76161666f34113ab8b16d1e5da7d535c705949d3a6b36398d': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 407992,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 408064,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/017a1596c87a3ab76161666f34113ab8b16d1e5da7d535c705949d3a6b36398d'},
'01d9eb3e7c4b0a8ceb4c69924daba0bb4da90b0849665c46e815ae9ddf0c24d2': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 509280,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 509440,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/01d9eb3e7c4b0a8ceb4c69924daba0bb4da90b0849665c46e815ae9ddf0c24d2'},
'01edb51ae3d6d79dd1b57a3a2cf84ad082f2a12cad2877c60e7dbe96ff251b22': {'AddressOfEntryPoint': 51316,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 184896,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 185344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/01edb51ae3d6d79dd1b57a3a2cf84ad082f2a12cad2877c60e7dbe96ff251b22'},
'01f8fad499ebd1017200eb5673d21e82bbcdfb0c382f49929a62c14c796a5225': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 388860,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 389120,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/01f8fad499ebd1017200eb5673d21e82bbcdfb0c382f49929a62c14c796a5225'},
'020b9c2e74cc6d932a7f60acacaf269db8f0135538ee81f3bb51e005f1769c44': {'AddressOfEntryPoint': 1073781725,
'DebugRVA': 4848,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4194304,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'KERNEL32.dll': 'FindFirstFileA',
'USER32.dll': 'CharNextA',
'msvcrt.dll': '_strnicmp'},
'ImportedFunctions': ['_c_exit',
'_XcptFilter',
'__C_specific_handler',
'isalnum',
'isalpha',
'islower',
'_atoi64',
'atol',
'_exit',
'memset',
'strchr',
'memcpy',
'??2@YAPEAX_K@Z',
'_cexit',
'exit',
'_acmdln',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'__dllonexit',
'_onexit',
'??3@YAXPEAX@Z',
'_strnicmp',
'RegCloseKey',
'RegQueryValueExA',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GlobalFlags',
'_lopen',
'GetStartupInfoA',
'_hread',
'_lclose',
'LocalAlloc',
'LocalFree',
'lstrcmpiA',
'GlobalUnlock',
'GlobalAlloc',
'GlobalLock',
'GlobalFree',
'GetFileAttributesA',
'SetFileAttributesA',
'DeleteFileA',
'GetSystemDirectoryA',
'GetWindowsDirectoryA',
'lstrcatA',
'_llseek',
'FindNextFileA',
'IsDBCSLeadByte',
'lstrlenA',
'GetLastError',
'LoadLibraryA',
'FreeLibrary',
'GetProcAddress',
'WideCharToMultiByte',
'GetVersionExA',
'lstrcpyA',
'FindClose',
'FindFirstFileA',
'PostQuitMessage',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'MessageBoxA',
'SendMessageA',
'LoadStringA',
'CharPrevA',
'wsprintfA',
'GetSystemMetrics',
'CharNextA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 82,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 2616,
'StackReserveSize': 524288,
'filename': './data/malware/020b9c2e74cc6d932a7f60acacaf269db8f0135538ee81f3bb51e005f1769c44'},
'0233b7eac732b159543513b9d148ddd5dcc54548be2867bf050fa3ff5f605064': {'AddressOfEntryPoint': 1074062968,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 61440,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyA',
'CFGMGR32.dll': 'CM_Reenumerate_DevNode',
'KERNEL32.dll': 'ReadFile'},
'ImportedFunctions': ['CM_Locate_DevNodeA',
'CM_Reenumerate_DevNode',
'GetModuleFileNameA',
'FreeLibrary',
'LoadLibraryA',
'GetPrivateProfileStringA',
'GetProcAddress',
'GetVersionExA',
'GetLastError',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetCommandLineA',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'GetModuleHandleA',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'CloseHandle',
'RtlUnwindEx',
'EnterCriticalSection',
'LeaveCriticalSection',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'Sleep',
'HeapSize',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'FlushFileBuffers',
'CreateFileA',
'InitializeCriticalSection',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEndOfFile',
'ReadFile',
'RegDeleteKeyA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 76,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 2664,
'StackReserveSize': 1048576,
'filename': './data/malware/0233b7eac732b159543513b9d148ddd5dcc54548be2867bf050fa3ff5f605064'},
'02968edeae1088f046b4afe4dc20c4668b40ac8849a88f763807a8d5637f424f': {'AddressOfEntryPoint': 1073906705,
'DebugRVA': 25136,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetStringTypeW'},
'ImportedFunctions': ['FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetCommandLineA',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameW',
'RtlUnwindEx',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'EncodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryW',
'HeapFree',
'Sleep',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapSize',
'HeapAlloc',
'HeapReAlloc',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 58,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 143444,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 10240,
'.rsrc\x00\x00\x00': 143872,
'.text\x00\x00\x00': 19968,
'͝\x02\x00oc\x00\x00': 1024},
'StackReserveSize': 1048576,
'filename': './data/malware/02968edeae1088f046b4afe4dc20c4668b40ac8849a88f763807a8d5637f424f'},
'02d30c0c6aec1869906a97039b604a8d885e55a58c30bc6b70a833a4bcfe8662': {'AddressOfEntryPoint': 1074867945,
'DebugRVA': 809616,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 1065376,
'ExportSize': 442,
'IATRVA': 806912,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'EqualSid',
'KERNEL32.dll': 'FindFirstFileA',
'USER32.dll': 'RegisterClassExW',
'USERENV.dll': 'DestroyEnvironmentBlock',
'VERSION.dll': 'VerQueryValueW',
'WINMM.dll': 'timeBeginPeriod',
'WS2_32.dll': 'socket'},
'ImportedFunctions': ['GetQueuedCompletionStatus',
'SetEvent',
'ResetEvent',
'DuplicateHandle',
'GetCurrentThreadId',
'CreateThread',
'CreateEventW',
'CreateIoCompletionPort',
'DeleteCriticalSection',
'PostQueuedCompletionStatus',
'SignalObjectAndWait',
'SetHandleInformation',
'GetProcessHandleCount',
'VirtualFree',
'LocalFree',
'FreeLibrary',
'LoadLibraryW',
'WriteProcessMemory',
'MapViewOfFile',
'CreateFileMappingW',
'VirtualQueryEx',
'GetExitCodeProcess',
'GetThreadContext',
'AssignProcessToJobObject',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'VirtualFreeEx',
'VirtualProtectEx',
'GetFileAttributesW',
'CreateFileW',
'QueryDosDeviceW',
'CreateJobObjectW',
'CreateMutexW',
'GetCurrentProcessId',
'CreateNamedPipeW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'lstrlenW',
'VirtualQuery',
'ReadProcessMemory',
'GetCurrentDirectoryW',
'ReleaseMutex',
'SetFilePointer',
'WriteFile',
'OutputDebugStringA',
'FormatMessageA',
'MultiByteToWideChar',
'WideCharToMultiByte',
'ExpandEnvironmentStringsW',
'SetEnvironmentVariableW',
'GetUserDefaultLangID',
'RaiseException',
'SetThreadPriority',
'IsDebuggerPresent',
'GetStdHandle',
'OpenProcess',
'HeapSetInformation',
'GetSystemInfo',
'ReadFile',
'GetSystemTimeAsFileTime',
'GetNativeSystemInfo',
'GetVersionExW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'SystemTimeToFileTime',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'UnmapViewOfFile',
'SetCurrentDirectoryW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'TerminateJobObject',
'InitializeCriticalSectionAndSpinCount',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'TlsAlloc',
'GetSystemPowerStatus',
'RtlCaptureStackBackTrace',
'GetCurrentThread',
'SetEndOfFile',
'FlushFileBuffers',
'GetFileInformationByHandle',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'WaitForMultipleObjects',
'ReleaseSemaphore',
'RtlCaptureContext',
'CreateSemaphoreW',
'WaitNamedPipeW',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'DebugActiveProcess',
'GetUserDefaultLCID',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'HeapFree',
'ExitProcess',
'GetStartupInfoW',
'LoadLibraryA',
'HeapAlloc',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'GetFileType',
'HeapReAlloc',
'GetProcessHeap',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapCreate',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'EnumSystemLocalesA',
'IsValidLocale',
'GetLocaleInfoW',
'CreateFileA',
'GetCurrentDirectoryA',
'GetDriveTypeA',
'GetFullPathNameA',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'GetNamedPipeInfo',
'CancelIo',
'ConnectNamedPipe',
'SuspendThread',
'SwitchToThread',
'VirtualAlloc',
'VirtualProtect',
'RemoveVectoredExceptionHandler',
'AddVectoredExceptionHandler',
'WaitForDebugEvent',
'ContinueDebugEvent',
'SetThreadContext',
'InitializeCriticalSection',
'GetLastError',
'SetLastError',
'WaitForSingleObject',
'SetInformationJobObject',
'LeaveCriticalSection',
'EnterCriticalSection',
'GetTickCount',
'GetUserDefaultUILanguage',
'LocalAlloc',
'MapViewOfFileEx',
'GetSystemTime',
'lstrlenA',
'PeekNamedPipe',
'DisconnectNamedPipe',
'GetNamedPipeHandleStateW',
'OpenThread',
'FlushInstructionCache',
'ExitThread',
'VirtualAllocEx',
'ResumeThread',
'GetModuleHandleW',
'GetLongPathNameW',
'GetModuleFileNameW',
'GetTempPathW',
'GetEnvironmentVariableW',
'GetCommandLineW',
'CreateProcessW',
'CloseHandle',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'Sleep',
'GetModuleHandleA',
'GetProcAddress',
'FindFirstFileA',
'PostQuitMessage',
'CallMsgFilterW',
'TranslateMessage',
'DispatchMessageW',
'MsgWaitForMultipleObjectsEx',
'GetQueueStatus',
'PeekMessageW',
'WaitMessage',
'SetTimer',
'KillTimer',
'PostMessageW',
'MessageBoxW',
'WaitForInputIdle',
'wsprintfW',
'CharUpperW',
'GetUserObjectInformationW',
'GetThreadDesktop',
'SetProcessWindowStation',
'CreateDesktopW',
'GetProcessWindowStation',
'CreateWindowStationW',
'CloseDesktop',
'CloseWindowStation',
'UnregisterClassW',
'DestroyWindow',
'DefWindowProcW',
'CreateWindowExW',
'RegisterClassExW',
'LookupPrivilegeValueW',
'DuplicateToken',
'DuplicateTokenEx',
'CreateRestrictedToken',
'RegCreateKeyExW',
'CreateProcessAsUserW',
'SetThreadToken',
'ConvertStringSidToSidW',
'GetLengthSid',
'SetTokenInformation',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'GetSecurityDescriptorSacl',
'SetSecurityInfo',
'RevertToSelf',
'RegDisablePredefinedCache',
'RegOpenKeyExW',
'RegCloseKey',
'CopySid',
'CreateWellKnownSid',
'GetTokenInformation',
'OpenProcessToken',
'GetSecurityInfo',
'SetEntriesInAclW',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'RegEnumKeyExW',
'RegDeleteValueW',
'RegSetValueExW',
'CryptCreateHash',
'CryptSetHashParam',
'CryptHashData',
'CryptGetHashParam',
'CryptAcquireContextW',
'CryptImportKey',
'CryptDestroyHash',
'CryptReleaseContext',
'CryptDestroyKey',
'ConvertSidToStringSidW',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'GetTraceLoggerHandle',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'TraceEvent',
'EqualSid',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'timeGetTime',
'timeEndPeriod',
'timeGetDevCaps',
'timeBeginPeriod',
'htons',
'htonl',
'accept',
'listen',
'setsockopt',
'WSACleanup',
'WSAStartup',
'ntohs',
'bind',
'gethostbyname',
'shutdown',
'select',
'send',
'recv',
'closesocket',
'socket'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 299,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 1504,
'StackReserveSize': 1048576,
'filename': './data/malware/02d30c0c6aec1869906a97039b604a8d885e55a58c30bc6b70a833a4bcfe8662'},
'02ef8fcd3671438012dd0056b7946edc02ad383bc2b591b9e2b06d1d5c2e334c': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 765312,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 765440,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/02ef8fcd3671438012dd0056b7946edc02ad383bc2b591b9e2b06d1d5c2e334c'},
'03bf155ded9ccebc74790dd1bbf2d9000cacab079a3ba1b5df4947123f70c9b8': {'AddressOfEntryPoint': 77160,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'VirtualQuery',
'USER32.dll': 'wsprintfA',
'VERSION.dll': 'GetFileVersionInfoSizeA'},
'ImportedFunctions': ['GetWindowsDirectoryA',
'GetProcessHeap',
'HeapAlloc',
'WinExec',
'HeapFree',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'GetVersionExA',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'LoadLibraryA',
'InitializeCriticalSection',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'wsprintfA',
'RegSetValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 68,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 3584,
'.pdata\x00\x00': 29184,
'.rdata\x00\x00': 9216,
'.text\x00\x00\x00': 21504,
'vcapnhb\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/03bf155ded9ccebc74790dd1bbf2d9000cacab079a3ba1b5df4947123f70c9b8'},
'03ccdc44982eb7cc3b64951c8ae287c5f79ee4edb8d61b0b084eeca84011264e': {'AddressOfEntryPoint': 137036,
'DebugRVA': 182240,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 211504,
'ExportSize': 51,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'RtlLookupFunctionEntry',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHGetFileInfoW',
'SHLWAPI.dll': 'SHAutoComplete',
'USER32.dll': 'LoadIconW',
'ole32.dll': 'CreateStreamOnHGlobal'},
'ImportedFunctions': ['InitCommonControlsEx',
'SHAutoComplete',
'ReadFile',
'GetFileAttributesW',
'SetFileAttributesW',
'FindNextFileW',
'GetFullPathNameW',
'GetModuleFileNameW',
'FindResourceW',
'GetModuleHandleW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetCurrentProcessId',
'GetLocaleInfoW',
'GetNumberFormatW',
'ExpandEnvironmentStringsW',
'WaitForSingleObject',
'DosDateTimeToFileTime',
'GetDateFormatW',
'GetTimeFormatW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetExitCodeProcess',
'GetTempPathW',
'MoveFileExW',
'Sleep',
'UnmapViewOfFile',
'MapViewOfFile',
'GetCommandLineW',
'CreateFileMappingW',
'GetTickCount',
'SetEnvironmentVariableW',
'OpenFileMappingW',
'CreateThread',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetProcessAffinityMask',
'ReleaseSemaphore',
'ResetEvent',
'DeleteCriticalSection',
'SetEvent',
'SetThreadPriority',
'InitializeCriticalSection',
'CreateEventW',
'CreateSemaphoreW',
'SystemTimeToFileTime',
'GetSystemTime',
'LocalFileTimeToFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'FindFirstFileW',
'GetFileType',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'InitializeCriticalSectionAndSpinCount',
'LoadLibraryA',
'GetConsoleMode',
'GetConsoleCP',
'QueryPerformanceCounter',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'LCMapStringW',
'LCMapStringA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetModuleFileNameA',
'ExitProcess',
'HeapSize',
'RtlCaptureContext',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'HeapCreate',
'HeapSetInformation',
'FlsAlloc',
'GetCurrentThreadId',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'GetStartupInfoA',
'GetCommandLineA',
'HeapAlloc',
'RtlPcToFileHeader',
'RaiseException',
'SetEndOfFile',
'SetFilePointer',
'GetStdHandle',
'WriteFile',
'FlushFileBuffers',
'GetLongPathNameW',
'MoveFileW',
'GetShortPathNameW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetCurrentDirectoryW',
'DeleteFileW',
'FindClose',
'CreateFileW',
'DeviceIoControl',
'SetFileTime',
'GetCurrentProcess',
'CloseHandle',
'CreateHardLinkW',
'SetLastError',
'GetLastError',
'GetCurrentDirectoryW',
'CreateFileA',
'GlobalAlloc',
'GetSystemTimeAsFileTime',
'HeapReAlloc',
'HeapFree',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'EnableWindow',
'GetDlgItem',
'ShowWindow',
'MessageBoxW',
'FindWindowExW',
'GetParent',
'MapWindowPoints',
'CreateWindowExW',
'UpdateWindow',
'LoadCursorW',
'RegisterClassExW',
'DefWindowProcW',
'DestroyWindow',
'CopyRect',
'IsWindow',
'CharUpperW',
'OemToCharBuffA',
'LoadBitmapW',
'SetWindowLongPtrW',
'PostMessageW',
'GetSysColor',
'SetForegroundWindow',
'WaitForInputIdle',
'IsWindowVisible',
'DialogBoxParamW',
'DestroyIcon',
'SetFocus',
'GetClassNameW',
'SendDlgItemMessageW',
'GetDlgItemTextW',
'EndDialog',
'SetDlgItemTextW',
'wvsprintfW',
'SendMessageW',
'GetDC',
'ReleaseDC',
'PeekMessageW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'LoadStringW',
'GetWindowRect',
'GetClientRect',
'GetWindowLongPtrW',
'SetWindowPos',
'GetWindowTextW',
'SetWindowTextW',
'GetSystemMetrics',
'GetWindow',
'GetWindowLongW',
'SetWindowLongW',
'LoadIconW',
'GetDeviceCaps',
'CreateCompatibleDC',
'GetObjectW',
'CreateCompatibleBitmap',
'SelectObject',
'StretchBlt',
'DeleteDC',
'DeleteObject',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'SetFileSecurityW',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'SHBrowseForFolderW',
'ShellExecuteExW',
'SHGetSpecialFolderLocation',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHChangeNotify',
'SHGetFileInfoW',
'CLSIDFromString',
'CoCreateInstance',
'OleInitialize',
'OleUninitialize',
'CreateStreamOnHGlobal',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 213,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 26040,
'SectionNames': {'.data\x00\x00\x00': 6656,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 31744,
'.rsrc\x00\x00\x00': 26112,
'.text\x00\x00\x00': 174080},
'StackReserveSize': 1048576,
'filename': './data/malware/03ccdc44982eb7cc3b64951c8ae287c5f79ee4edb8d61b0b084eeca84011264e'},
'03d8af28ecdfe2fc392f2d0e9260706debec2e72fa7ef5e9bd492768325c2ea7': {'AddressOfEntryPoint': 1073812569,
'DebugRVA': 29344,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'LoadLibraryW',
'SETUPAPI.dll': 'SetupDiGetClassDevsW',
'SHLWAPI.dll': 'StrCatW',
'USER32.dll': 'wsprintfW'},
'ImportedFunctions': ['wsprintfW',
'StrCmpIW',
'StrStrIW',
'StrCatW',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceInstallParamsW',
'SetupDiCallClassInstaller',
'SetupDiSetClassInstallParamsW',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsW',
'SetLastError',
'GetStringTypeW',
'MultiByteToWideChar',
'LCMapStringW',
'HeapReAlloc',
'HeapAlloc',
'HeapSize',
'WideCharToMultiByte',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'Sleep',
'HeapFree',
'OutputDebugStringW',
'FormatMessageW',
'LocalFree',
'GetLastError',
'GetCommandLineW',
'GetStartupInfoW',
'SetUnhandledExceptionFilter',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameW',
'RtlUnwindEx',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'DeleteCriticalSection',
'EncodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 69,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 49452,
'SectionNames': {'\x15.\x01\x00oc\x00\x00': 1024,
'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 10752,
'.rsrc\x00\x00\x00': 49664,
'.text\x00\x00\x00': 21504},
'StackReserveSize': 1048576,
'filename': './data/malware/03d8af28ecdfe2fc392f2d0e9260706debec2e72fa7ef5e9bd492768325c2ea7'},
'03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78': {'AddressOfEntryPoint': 5424,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49964,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'SetNamedSecurityInfoW',
'KERNEL32.dll': 'VirtualQuery',
'SHELL32.dll': 'SHFileOperationW',
'msvcrt.dll': 'wprintf'},
'ImportedFunctions': ['AdjustTokenPrivileges',
'GetTokenInformation',
'LookupPrivilegeValueW',
'OpenProcessToken',
'SetEntriesInAclW',
'SetNamedSecurityInfoW',
'CloseHandle',
'CreateFileW',
'DeleteCriticalSection',
'DeleteFileW',
'EnterCriticalSection',
'FindClose',
'FindFirstFileExW',
'FindNextFileW',
'GetCurrentProcess',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetFileAttributesExW',
'GetFileAttributesW',
'GetFileInformationByHandle',
'GetLastError',
'GetModuleHandleA',
'GetProcAddress',
'GetStartupInfoA',
'GetSystemTimeAsFileTime',
'GetTickCount',
'InitializeCriticalSection',
'LeaveCriticalSection',
'LoadLibraryA',
'LocalAlloc',
'LocalFree',
'QueryPerformanceCounter',
'RemoveDirectoryW',
'RtlAddFunctionTable',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetFileAttributesW',
'SetUnhandledExceptionFilter',
'Sleep',
'TerminateProcess',
'TlsGetValue',
'UnhandledExceptionFilter',
'VirtualProtect',
'VirtualQuery',
'__C_specific_handler',
'__dllonexit',
'__getmainargs',
'__initenv',
'__iob_func',
'__lconv_init',
'__set_app_type',
'__setusermatherr',
'__wgetmainargs',
'_acmdln',
'_amsg_exit',
'_cexit',
'_fmode',
'_initterm',
'_lock',
'_onexit',
'_snwprintf',
'_unlock',
'abort',
'calloc',
'exit',
'fprintf',
'free',
'fwprintf',
'fwrite',
'malloc',
'memcpy',
'memmove',
'realloc',
'signal',
'strlen',
'strncmp',
'vfprintf',
'wcschr',
'wcscmp',
'wcslen',
'wcsncpy',
'wcsrchr',
'wprintf',
'SHFileOperationW'],
'LinkerVersion': 2,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 85,
'NumberOfSections': 9,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.bss\x00\x00\x00\x00': 0,
'.data\x00\x00\x00': 512,
'.idata\x00\x00': 3584,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 3072,
'.text\x00\x00\x00': 22016,
'.tls\x00\x00\x00\x00': 512,
'.xdata\x00\x00': 1024},
'StackReserveSize': 2097152,
'filename': './data/malware/03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78'},
'0544d6ed305440899e82b793660f3fcee7bf585e3051c182f5550c6b9f8b8f98': {'AddressOfEntryPoint': 1073781213,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteValueA',
'KERNEL32.dll': 'LCMapStringA',
'SETUPAPI.dll': 'SetupDiEnumDeviceInfo',
'SHELL32.dll': 'SHFileOperationA',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['SetupDiGetClassDevsA',
'SetupDiCallClassInstaller',
'SetupDiOpenDevRegKey',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiDestroyDeviceInfoList',
'SetupDiEnumDeviceInfo',
'OpenFile',
'GetWindowsDirectoryA',
'LocalAlloc',
'LocalFree',
'GetLastError',
'SetLastError',
'FormatMessageA',
'CloseHandle',
'ReadFile',
'lstrlenA',
'RemoveDirectoryA',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'DeleteFileA',
'GetCurrentDirectoryA',
'GetStringTypeW',
'GetStringTypeA',
'LoadLibraryA',
'Sleep',
'GetLocaleInfoA',
'VirtualProtect',
'GetSystemInfo',
'VirtualQuery',
'CreateFileA',
'GetCommandLineA',
'LCMapStringW',
'MultiByteToWideChar',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapCreate',
'LCMapStringA',
'MessageBoxA',
'RegOpenKeyA',
'RegDeleteKeyA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegEnumKeyA',
'RegCloseKey',
'RegDeleteValueA',
'SHFileOperationA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 68,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 960,
'StackReserveSize': 1048576,
'filename': './data/malware/0544d6ed305440899e82b793660f3fcee7bf585e3051c182f5550c6b9f8b8f98'},
'05f0e608c8bd180c20465edbf2ce63900298d79f178e474774b9b205f23a255d': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/05f0e608c8bd180c20465edbf2ce63900298d79f178e474774b9b205f23a255d'},
'05f2de90c06301502274b4ca2ec279e1012906d522176e416bba667353668f7d': {'AddressOfEntryPoint': 112016,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 69632,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyA',
'KERNEL32.dll': 'CreateFileA',
'SHLWAPI.dll': 'PathFileExistsA',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['GetProcAddress',
'GetLastError',
'FreeLibrary',
'CopyFileA',
'GetSystemDirectoryA',
'GetModuleFileNameA',
'GetPrivateProfileStringA',
'LoadLibraryA',
'GetVersionExA',
'FlushFileBuffers',
'CloseHandle',
'HeapFree',
'HeapAlloc',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'GetCommandLineA',
'GetStartupInfoA',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'HeapSize',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'InitializeCriticalSectionAndSpinCount',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'HeapReAlloc',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'MessageBoxA',
'RegSetValueExA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegDeleteKeyA',
'RegCloseKey',
'RegCreateKeyA',
'PathFileExistsA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 84,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 892,
'SectionNames': {'.data\x00\x00\x00': 5632,
'.pdata\x00\x00': 4096,
'.rdata\x00\x00': 20480,
'.rsrc\x00\x00\x00': 20992,
'.text\x00\x00\x00': 62976},
'StackReserveSize': 1048576,
'filename': './data/malware/05f2de90c06301502274b4ca2ec279e1012906d522176e416bba667353668f7d'},
'06e931e942a7b3eaafbac790e6ac103e7a77eb2faf1b6d3d4127289a90b985cf': {'AddressOfEntryPoint': 49844,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateFileA',
'USER32.dll': 'SetWindowPos',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': 'memcpy'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'FreeLibrary',
'lstrlenA',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'CreateProcessA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'DosDateTimeToFileTime',
'_llseek',
'GetDiskFreeSpaceA',
'MulDiv',
'EnumResourceLanguagesA',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'Sleep',
'lstrcmpA',
'CreateFileA',
'GetDeviceCaps',
'GetDlgItem',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetDlgItemTextA',
'GetDesktopWindow',
'EndDialog',
'CharPrevA',
'ExitWindowsEx',
'CharNextA',
'CharUpperA',
'MessageBeep',
'LoadStringA',
'GetDlgItemTextA',
'DialogBoxIndirectParamA',
'CallWindowProcA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'SetWindowLongPtrA',
'GetSystemMetrics',
'ShowWindow',
'SetWindowPos',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'memcpy_s',
'_vsnprintf',
'?terminate@@YAXXZ',
'memset',
'memcpy',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 152,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 620648,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 621056,
'.text\x00\x00\x00': 53248},
'StackReserveSize': 524288,
'filename': './data/malware/06e931e942a7b3eaafbac790e6ac103e7a77eb2faf1b6d3d4127289a90b985cf'},
'06ec5432328675ec67fe6b4ec9876ad4b21c7e3ec6464cc5d413812d65e3a64a': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 763132,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 763392,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/06ec5432328675ec67fe6b4ec9876ad4b21c7e3ec6464cc5d413812d65e3a64a'},
'0730c7e1bc0ba0fac6e3d8bf8baac1953c5fc5c3b3d77c3bf244cfe8b75cc0f1': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 395780,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 396288,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/0730c7e1bc0ba0fac6e3d8bf8baac1953c5fc5c3b3d77c3bf244cfe8b75cc0f1'},
'0776cf5a136b7f287806801be96d1419dd7a3fd8283d004cfad828008b11b052': {'AddressOfEntryPoint': 5208,
'DebugRVA': 41296,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetVersion',
'WS2_32.dll': 'bind',
'ntdll.dll': '__chkstk'},
'ImportedFunctions': ['RtlComputeCrc32',
'ZwClose',
'ZwOpenProcess',
'ZwQueryInformationThread',
'ZwOpenThread',
'RtlEqualUnicodeString',
'LdrFindEntryForAddress',
'ZwQueueApcThread',
'ZwWriteVirtualMemory',
'ZwAllocateVirtualMemory',
'wcslen',
'RtlInitUnicodeString',
'RtlPrefixUnicodeString',
'RtlGetCurrentPeb',
'RtlNtStatusToDosError',
'memset',
'ZwResumeThread',
'wcscpy',
'wcscat',
'RtlIpv4StringToAddressExW',
'wcstoul',
'ZwQuerySystemInformation',
'__chkstk',
'ExitProcess',
'GetLastError',
'BindIoCompletionCallback',
'Sleep',
'CreateProcessW',
'GetCommandLineW',
'LocalFree',
'LocalAlloc',
'GetVersion',
'setsockopt',
'WSASendTo',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup',
'bind'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 39,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 2048,
'.text\x00\x00\x00': 34816},
'StackReserveSize': 1048576,
'filename': './data/malware/0776cf5a136b7f287806801be96d1419dd7a3fd8283d004cfad828008b11b052'},
'07aaac257f6fdb5c4060722ef297e0c0e06c24861740014f94f4541c7eeb7279': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 111808,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 112128,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/07aaac257f6fdb5c4060722ef297e0c0e06c24861740014f94f4541c7eeb7279'},
'07cb05f72ad3be4f58378a618eef1b957b9a5a57d6fc6e0f15e850aca5d5161b': {'AddressOfEntryPoint': 73632,
'DebugRVA': 252604,
'DebugSize': 56,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 253952,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'API-MS-Win-Core-ErrorHandling-L1-1-0.dll': 'UnhandledExceptionFilter',
'API-MS-Win-Core-File-L1-1-0.dll': 'FindNextFileW',
'API-MS-Win-Core-Handle-L1-1-0.dll': 'CloseHandle',
'API-MS-Win-Core-Heap-L1-1-0.dll': 'HeapSetInformation',
'API-MS-Win-Core-IO-L1-1-0.dll': 'DeviceIoControl',
'API-MS-Win-Core-LibraryLoader-L1-1-0.dll': 'LoadStringW',
'API-MS-Win-Core-LocalRegistry-L1-1-0.dll': 'RegSetValueExW',
'API-MS-Win-Core-Misc-L1-1-0.dll': 'lstrlenW',
'API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll': 'ExpandEnvironmentStringsW',
'API-MS-Win-Core-ProcessThreads-L1-1-0.dll': 'GetProcessTimes',
'API-MS-Win-Core-Profile-L1-1-0.dll': 'QueryPerformanceCounter',
'API-MS-Win-Core-String-L1-1-0.dll': 'CompareStringW',
'API-MS-Win-Core-Synch-L1-1-0.dll': 'OpenProcess',
'API-MS-Win-Core-SysInfo-L1-1-0.dll': 'GetSystemTime',
'API-MS-Win-Security-Base-L1-1-0.dll': 'SetTokenInformation',
'API-MS-Win-Security-LSALookup-L1-1-0.dll': 'LsaLookupOpenLocalPolicy',
'API-MS-Win-Security-SDDL-L1-1-0.dll': 'ConvertSidToStringSidW',
'CRYPTBASE.dll': 'SystemFunction005',
'RPCRT4.dll': 'RpcAsyncAbortCall',
'SspiCli.dll': 'LogonUserExExW',
'msvcrt.dll': '_ultow',
'ntdll.dll': 'RtlUnicodeStringToInteger'},
'ImportedFunctions': ['_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'exit',
'_fmode',
'__set_app_type',
'?terminate@@YAXXZ',
'_commode',
'memset',
'memcpy',
'_ltow',
'wcscspn',
'__getmainargs',
'_ltow_s',
'wcschr',
'_wcslwr',
'_ultow_s',
'time',
'wcsrchr',
'_vsnwprintf',
'_wcsnicmp',
'wcstoul',
'wcsstr',
'_wcsicmp',
'_wtol',
'wcsncmp',
'_ultow',
'UuidCreate',
'UuidCreateNil',
'UuidEqual',
'RpcServerUnsubscribeForNotification',
'RpcServerSubscribeForNotification',
'RpcBindingVectorFree',
'RpcServerRegisterAuthInfoW',
'RpcServerInqDefaultPrincNameW',
'RpcEpRegisterW',
'RpcStringFreeW',
'RpcStringBindingParseW',
'RpcBindingToStringBindingW',
'RpcServerInqBindings',
'RpcServerUseProtseqW',
'RpcServerUseProtseqEpW',
'I_RpcMapWin32Status',
'RpcServerInqCallAttributesW',
'RpcAsyncCompleteCall',
'RpcRevertToSelf',
'RpcImpersonateClient',
'RpcServerInqBindingHandle',
'I_RpcBindingInqLocalClientPID',
'I_RpcSessionStrictContextHandle',
'I_RpcBindingIsClientLocal',
'NdrServerCall2',
'NdrAsyncServerCall',
'UuidFromStringW',
'RpcBindingFree',
'RpcServerInqCallAttributesA',
'RpcServerRegisterIfEx',
'RpcAsyncAbortCall',
'LogonUserExExW',
'RtlLengthSid',
'EtwTraceMessage',
'NtTraceControl',
'RtlSetLastWin32Error',
'EtwGetTraceLoggerHandle',
'RtlInitializeCriticalSection',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'NtOpenThread',
'NtQueueApcThread',
'RtlQueueApcWow64Thread',
'EvtIntReportEventAndSourceAsync',
'EtwEventWrite',
'EtwEventRegister',
'RtlUnhandledExceptionFilter',
'RtlFreeHeap',
'NtSetEvent',
'NtSetInformationProcess',
'NtOpenProcessToken',
'RtlSetProcessIsCritical',
'NtQueryInformationFile',
'NtSetInformationFile',
'RtlAppendUnicodeStringToString',
'RtlAppendUnicodeToString',
'NtWaitForSingleObject',
'NtQueryDirectoryFile',
'NtDeleteFile',
'RtlCopyUnicodeString',
'NtFilterToken',
'NtQueryInformationToken',
'NtSetInformationThread',
'NtAdjustPrivilegesToken',
'NtDuplicateToken',
'NtAccessCheckAndAuditAlarm',
'NtAccessCheck',
'NtPrivilegeObjectAuditAlarm',
'NtPrivilegeCheck',
'RtlMapGenericMask',
'RtlSetSecurityObject',
'NtOpenThreadToken',
'RtlValidRelativeSecurityDescriptor',
'RtlQuerySecurityObject',
'RtlSubAuthoritySid',
'WinSqmAddToStream',
'RtlSetControlSecurityDescriptor',
'NtDeleteKey',
'NtEnumerateKey',
'NtDeleteValueKey',
'NtSetValueKey',
'NtQueryValueKey',
'NtOpenKey',
'NtCreateKey',
'RtlLengthSecurityDescriptor',
'RtlValidSecurityDescriptor',
'RtlSetEnvironmentVariable',
'RtlConvertExclusiveToShared',
'RtlConvertSharedToExclusive',
'RtlCreateServiceSid',
'RtlRegisterWait',
'RtlEqualUnicodeString',
'RtlGetNtProductType',
'RtlCopySid',
'NtUnloadDriver',
'RtlCompareUnicodeString',
'NtQueryDirectoryObject',
'NtOpenDirectoryObject',
'NtLoadDriver',
'DbgPrintEx',
'RtlAdjustPrivilege',
'RtlExpandEnvironmentStrings_U',
'RtlInitializeSRWLock',
'NtOpenFile',
'NtQuerySymbolicLinkObject',
'NtOpenSymbolicLinkObject',
'RtlFreeUnicodeString',
'RtlDosPathNameToNtPathName_U',
'RtlReleaseSRWLockShared',
'NtDeleteObjectAuditAlarm',
'RtlAcquireSRWLockShared',
'NtFlushKey',
'RtlAreAllAccessesGranted',
'NtCloseObjectAuditAlarm',
'RtlReleaseSRWLockExclusive',
'RtlAcquireSRWLockExclusive',
'RtlDeregisterWait',
'RtlAcquireResourceShared',
'RtlInitializeResource',
'RtlQueueWorkItem',
'RtlDeleteSecurityObject',
'RtlReleaseResource',
'RtlAcquireResourceExclusive',
'RtlCopyLuid',
'NtQueryKey',
'NtShutdownSystem',
'NtInitializeRegistry',
'NtSetSystemEnvironmentValue',
'RtlInitUnicodeString',
'NtClose',
'RtlNtStatusToDosError',
'NtQuerySystemInformation',
'RtlNtStatusToDosErrorNoTeb',
'RtlLengthRequiredSid',
'RtlAddAce',
'RtlCreateAcl',
'RtlSetDaclSecurityDescriptor',
'RtlNewSecurityObject',
'RtlSetGroupSecurityDescriptor',
'RtlSetSaclSecurityDescriptor',
'RtlAllocateHeap',
'RtlInitializeSid',
'RtlSubAuthorityCountSid',
'RtlCreateSecurityDescriptor',
'RtlSetOwnerSecurityDescriptor',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlUnicodeStringToAnsiString',
'EtwGetTraceEnableLevel',
'EtwGetTraceEnableFlags',
'EtwRegisterTraceGuidsW',
'RtlUnicodeStringToInteger',
'LsaLookupTranslateSids',
'LsaLookupFreeMemory',
'LsaLookupClose',
'LsaLookupManageSidNameMapping',
'LsaLookupGetDomainInfo',
'LsaLookupTranslateNames',
'LsaLookupOpenLocalPolicy',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'ConvertSecurityDescriptorToStringSecurityDescriptorW',
'ConvertSidToStringSidW',
'SystemFunction029',
'SystemFunction005',
'GetLastError',
'SetLastError',
'SetUnhandledExceptionFilter',
'SetErrorMode',
'UnhandledExceptionFilter',
'SetFileInformationByHandle',
'CreateDirectoryW',
'FindFirstFileW',
'CreateFileW',
'FindClose',
'FindNextFileW',
'DuplicateHandle',
'CloseHandle',
'HeapAlloc',
'HeapFree',
'HeapCreate',
'HeapSetInformation',
'DeviceIoControl',
'GetModuleHandleW',
'GetProcAddress',
'LoadLibraryExW',
'FreeLibrary',
'LoadStringW',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'RegNotifyChangeKeyValue',
'RegSetKeySecurity',
'RegGetKeySecurity',
'RegLoadMUIStringW',
'RegCreateKeyExW',
'RegSetValueExW',
'LocalAlloc',
'LocalFree',
'Sleep',
'IsWow64Process',
'lstrlenW',
'GetEnvironmentVariableW',
'ExpandEnvironmentStringsW',
'CreateThread',
'CreateProcessW',
'TerminateProcess',
'GetCurrentThreadId',
'GetProcessId',
'OpenThreadToken',
'GetCurrentThread',
'GetCurrentProcess',
'InitializeProcThreadAttributeList',
'UpdateProcThreadAttribute',
'DeleteProcThreadAttributeList',
'CreateProcessAsUserW',
'ResumeThread',
'OpenProcessToken',
'GetCurrentProcessId',
'SetProcessShutdownParameters',
'ExitThread',
'SetThreadPriority',
'GetProcessTimes',
'QueryPerformanceCounter',
'CompareStringW',
'InitializeCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'WaitForSingleObject',
'SetEvent',
'CreateEventW',
'WaitForMultipleObjectsEx',
'ResetEvent',
'OpenEventW',
'OpenProcess',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetSystemDirectoryW',
'GetComputerNameExW',
'GetVersionExW',
'GetSystemTime',
'GetSecurityDescriptorDacl',
'SetSecurityDescriptorOwner',
'InitializeSecurityDescriptor',
'EqualSid',
'AdjustTokenPrivileges',
'RevertToSelf',
'ImpersonateLoggedOnUser',
'CopySid',
'GetLengthSid',
'CheckTokenMembership',
'GetTokenInformation',
'InitializeAcl',
'AddAce',
'SetSecurityDescriptorDacl',
'AllocateLocallyUniqueId',
'AllocateAndInitializeSid',
'FreeSid',
'GetKernelObjectSecurity',
'SetKernelObjectSecurity',
'AddAccessAllowedAce',
'SetTokenInformation'],
'LinkerVersion': 9,
'NumberOfImportDLL': 23,
'NumberOfImportFunctions': 293,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 19104,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 39936,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 19456,
'.text\x00\x00\x00': 248832},
'StackReserveSize': 524288,
'filename': './data/malware/07cb05f72ad3be4f58378a618eef1b957b9a5a57d6fc6e0f15e850aca5d5161b'},
'07ecdbefdb715680519c6889f3b552bbd8f200c399b0387966974f49fb5d27cd': {'AddressOfEntryPoint': 8356,
'DebugRVA': 25008,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoRegisterPlugPlayNotification',
'ExInitializeNPagedLookasideList',
'RtlInitUnicodeString',
'KeSetEvent',
'ExpInterlockedPushEntrySList',
'MmGetSystemRoutineAddress',
'KeInitializeEvent',
'KeReleaseSpinLock',
'ExpInterlockedPopEntrySList',
'MmPageEntireDriver',
'IoAllocateErrorLogEntry',
'IoGetDeviceObjectPointer',
'InitSafeBootMode',
'_vsnwprintf',
'IoUnregisterPlugPlayNotification',
'IofCompleteRequest',
'ExQueryDepthSList',
'KeWaitForSingleObject',
'RtlCompareMemory',
'ObfDereferenceObject',
'IoWMIWriteEvent',
'ExDeleteNPagedLookasideList',
'IofCallDriver',
'KeAcquireSpinLockRaiseToDpc',
'KeBugCheckEx',
'RtlCopyUnicodeString',
'IoBuildDeviceIoControlRequest',
'IoBuildSynchronousFsdRequest',
'KeInitializeDpc',
'IoFreeMdl',
'IoCancelIrp',
'IoBuildAsynchronousFsdRequest',
'ExInterlockedInsertTailList',
'KeInsertQueueDpc',
'IoFreeIrp',
'MmProbeAndLockPages',
'ExInterlockedRemoveHeadList',
'MmUnlockPages',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ExFreePoolWithTag',
'IoWMIRegistrationControl',
'IoWriteErrorLogEntry',
'MmMapLockedPagesSpecifyCache',
'DbgPrint',
'ExAllocatePoolWithTag',
'__C_specific_handler',
'WdfVersionUnbind',
'WdfVersionBind',
'KeQueryPerformanceCounter'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 1040,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 2560,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 17920,
'INIT\x00\x00\x00\x00': 3072,
'PAGE\x00\x00\x00\x00': 10752},
'StackReserveSize': 262144,
'filename': './data/malware/07ecdbefdb715680519c6889f3b552bbd8f200c399b0387966974f49fb5d27cd'},
'0825c00613ec1a0c879cd5053f862db5a7ce9368ef95913f91ff7eb6280947d3': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 630220,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 630272,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/0825c00613ec1a0c879cd5053f862db5a7ce9368ef95913f91ff7eb6280947d3'},
'084ae81e93031857b6c804af1df2da7c4e055d58caadf727fae67d3530c2bb7f': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 179324,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 179712,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/084ae81e93031857b6c804af1df2da7c4e055d58caadf727fae67d3530c2bb7f'},
'086c0d2d932584851fec3851282d7de822d07f129ca383924e157adf388bbf29': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/086c0d2d932584851fec3851282d7de822d07f129ca383924e157adf388bbf29'},
'08f7c373abfa4dc80b015c518834a2f441544a75ae5091f7585bedd31c0e31e2': {'AddressOfEntryPoint': 71700,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 131072,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'GetModuleInformation',
'Secur32.dll': 'LsaEnumerateLogonSessions',
'WS2_32.dll': 'htonl'},
'ImportedFunctions': ['GetModuleInformation',
'CloseServiceHandle',
'OpenThreadToken',
'AdjustTokenPrivileges',
'LookupPrivilegeValueA',
'OpenProcessToken',
'GetTokenInformation',
'NotifyChangeEventLog',
'OpenEventLogA',
'GetNumberOfEventLogRecords',
'GetOldestEventLogRecord',
'ReadEventLogA',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptHashData',
'CryptReleaseContext',
'CryptCreateHash',
'CryptAcquireContextA',
'QueryServiceStatus',
'CreateServiceA',
'OpenSCManagerA',
'DeleteService',
'OpenServiceA',
'StartServiceA',
'ControlService',
'SetServiceStatus',
'RegisterServiceCtrlHandlerA',
'StartServiceCtrlDispatcherA',
'RegCloseKey',
'RegSetValueExA',
'RegOpenKeyExA',
'RegDeleteValueA',
'RegQueryValueExA',
'LsaFreeReturnBuffer',
'LsaGetLogonSessionData',
'LsaEnumerateLogonSessions',
'ntohl',
'ntohs',
'htonl',
'CreateEventA',
'CreateFileW',
'GetProcessHeap',
'SetEndOfFile',
'WriteConsoleW',
'SetEnvironmentVariableA',
'CompareStringW',
'DeleteFileA',
'GetModuleHandleA',
'OpenProcess',
'Sleep',
'SetConsoleCtrlHandler',
'GetCurrentDirectoryA',
'GetTempPathA',
'GetVersionExA',
'ProcessIdToSessionId',
'GetCurrentProcessId',
'GetModuleFileNameA',
'GetCurrentProcess',
'LoadLibraryA',
'IsBadReadPtr',
'Process32Next',
'CloseHandle',
'Process32First',
'CreateToolhelp32Snapshot',
'ReadProcessMemory',
'WaitForSingleObject',
'CreateRemoteThread',
'VirtualFreeEx',
'WriteProcessMemory',
'VirtualAllocEx',
'GetProcAddress',
'TerminateProcess',
'MultiByteToWideChar',
'UnmapViewOfFile',
'MapViewOfFile',
'CreateFileMappingA',
'CreateFileA',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceA',
'FreeResource',
'ResetEvent',
'GetLastError',
'ReadFile',
'FreeLibrary',
'GetSystemWindowsDirectoryA',
'SetEvent',
'CreateThread',
'WriteFile',
'WaitNamedPipeA',
'FlushFileBuffers',
'DisconnectNamedPipe',
'ConnectNamedPipe',
'CreateNamedPipeA',
'WideCharToMultiByte',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetCurrentThread',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'HeapFree',
'HeapAlloc',
'EncodePointer',
'EnterCriticalSection',
'LeaveCriticalSection',
'HeapReAlloc',
'GetCommandLineA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetHandleCount',
'GetStdHandle',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'LoadLibraryW',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'GetModuleFileNameW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapSize',
'GetConsoleCP',
'GetConsoleMode',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'SetFilePointer',
'SetStdHandle',
'LCMapStringW',
'GetStringTypeW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 150,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 43120,
'SectionNames': {'.data\x00\x00\x00': 22528,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 43008,
'.text\x00\x00\x00': 124928},
'StackReserveSize': 1048576,
'filename': './data/malware/08f7c373abfa4dc80b015c518834a2f441544a75ae5091f7585bedd31c0e31e2'},
'09782a24b5a800b4498501f2d33c60fc6b8f2b4a919c279f44658c345fa31314': {'AddressOfEntryPoint': 18896,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 53248,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetFileAttributesA',
'SETUPAPI.dll': 'SetupDiOpenDevRegKey',
'SHLWAPI.dll': 'SHDeleteEmptyKeyA',
'USER32.dll': 'WaitForInputIdle',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA'},
'ImportedFunctions': ['InitializeCriticalSection',
'CreateProcessA',
'LeaveCriticalSection',
'SetFileAttributesA',
'EnterCriticalSection',
'FindFirstFileA',
'RemoveDirectoryA',
'FindNextFileA',
'FindClose',
'GetCurrentDirectoryA',
'GetModuleFileNameA',
'GetCurrentProcess',
'CloseHandle',
'GetLastError',
'FormatMessageA',
'LocalFree',
'GetWindowsDirectoryA',
'FreeLibrary',
'LoadLibraryA',
'DeleteCriticalSection',
'GetProcAddress',
'SetStdHandle',
'ReadFile',
'SetEndOfFile',
'FlushFileBuffers',
'IsBadCodePtr',
'SetUnhandledExceptionFilter',
'GetOEMCP',
'GetACP',
'GetStringTypeW',
'GetStringTypeA',
'HeapFree',
'ExitProcess',
'GetModuleHandleA',
'DeleteFileA',
'RtlUnwindEx',
'GetCommandLineA',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'Sleep',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'LCMapStringA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'LCMapStringW',
'TlsAlloc',
'SetLastError',
'GetCurrentThreadId',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'WriteFile',
'GetStdHandle',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'CreateFileA',
'SetFilePointer',
'GetLocaleInfoA',
'GetCPInfo',
'GetFileAttributesA',
'WaitForInputIdle',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'PrivilegeCheck',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegCreateKeyA',
'RegSetValueExA',
'RegOpenKeyA',
'RegQueryValueExA',
'RegCloseKey',
'OpenProcessToken',
'SetupDiClassGuidsFromNameA',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiGetDeviceRegistryPropertyA',
'SetupGetInfInformationA',
'SetupQueryInfVersionInformationA',
'SetupCopyOEMInfA',
'SetupOpenInfFileA',
'SetupInstallFromInfSectionA',
'SetupDiGetClassDevsA',
'SetupDiEnumDeviceInfo',
'SetupDiCallClassInstaller',
'SetupDiDestroyDeviceInfoList',
'SetupDiOpenDevRegKey',
'UpdateDriverForPlugAndPlayDevicesA',
'SHDeleteEmptyKeyA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 99,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 22736,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 15360,
'.rsrc\x00\x00\x00': 23040,
'.text\x00\x00\x00': 47104},
'StackReserveSize': 1048576,
'filename': './data/malware/09782a24b5a800b4498501f2d33c60fc6b8f2b4a919c279f44658c345fa31314'},
'09c5667f35d0bb61d4bacc3db30e7c91f436ca87d4afca095d5ae64b74a79a34': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 250232,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 250368,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/09c5667f35d0bb61d4bacc3db30e7c91f436ca87d4afca095d5ae64b74a79a34'},
'09f1cc20675bc53e8504ed6df682fc513e535a5bc34dce58996ee799a7e9964b': {'AddressOfEntryPoint': 1074382917,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 151552,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'ExitProcess',
'OLEAUT32.dll': 'SysStringLen',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'SHELL32.dll': 'SHGetFolderPathA',
'SHLWAPI.dll': 'PathIsRelativeA',
'USER32.dll': 'IsDlgButtonChecked',
'VERSION.dll': 'VerQueryValueA',
'ole32.dll': 'CoSetProxyBlanket'},
'ImportedFunctions': ['GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiClassGuidsFromNameA',
'SetupDiGetINFClassA',
'SetupDiGetDeviceInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiEnumDriverInfoA',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsA',
'SetupDiRegisterDeviceInfo',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiCreateDeviceInfoA',
'SetupDiCreateDeviceInfoList',
'SetupDiDestroyDriverInfoList',
'SetupDiSetSelectedDevice',
'SetupDiGetDriverInfoDetailA',
'SetupDiRemoveDevice',
'SetupDiDestroyDeviceInfoList',
'PathAppendA',
'PathUnquoteSpacesA',
'PathIsDirectoryA',
'PathIsRelativeA',
'GetExitCodeProcess',
'WaitForSingleObject',
'CreateProcessA',
'FindClose',
'FindNextFileA',
'SetLastError',
'FindFirstFileA',
'GetSystemDirectoryA',
'GetProcAddress',
'GetModuleHandleA',
'Sleep',
'GetModuleFileNameA',
'SetCurrentDirectoryA',
'GetFullPathNameA',
'DeleteFileA',
'SetFileAttributesA',
'GetFileAttributesA',
'GetVersionExA',
'GetComputerNameA',
'GetUserDefaultLangID',
'GetCurrentDirectoryA',
'GetWindowsDirectoryA',
'GetCurrentProcess',
'ReleaseMutex',
'CreateDirectoryA',
'MapViewOfFile',
'CreateFileMappingA',
'CreateMutexA',
'UnmapViewOfFile',
'GetTimeFormatA',
'GetLocalTime',
'OutputDebugStringA',
'lstrcpynA',
'MoveFileExA',
'LocalAlloc',
'GetCurrentThread',
'FreeLibrary',
'SetEnvironmentVariableA',
'Module32First',
'CreateToolhelp32Snapshot',
'Process32Next',
'Process32First',
'TerminateProcess',
'GetLastError',
'MultiByteToWideChar',
'DeviceIoControl',
'CreateFileA',
'GetPrivateProfileStringA',
'CloseHandle',
'GlobalUnlock',
'GlobalLock',
'GlobalAlloc',
'CopyFileA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'RemoveDirectoryA',
'SetFilePointer',
'RtlVirtualUnwind',
'DeleteCriticalSection',
'GetFileType',
'GetStdHandle',
'SetHandleCount',
'LeaveCriticalSection',
'EnterCriticalSection',
'RtlPcToFileHeader',
'RaiseException',
'LCMapStringW',
'WideCharToMultiByte',
'LCMapStringA',
'RtlCaptureContext',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'FlsAlloc',
'FlsFree',
'TlsFree',
'FlsSetValue',
'FlsGetValue',
'SetStdHandle',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'GetStartupInfoA',
'GetProcessHeap',
'HeapAlloc',
'FormatMessageA',
'LocalFree',
'WriteFile',
'LoadLibraryA',
'InitializeCriticalSection',
'GetConsoleCP',
'GlobalFree',
'WinExec',
'GetConsoleMode',
'FlushFileBuffers',
'GetSystemTimeAsFileTime',
'HeapSetInformation',
'HeapCreate',
'HeapSize',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'ReadFile',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'OpenProcess',
'GetCommandLineA',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'CompareStringW',
'CompareStringA',
'SetEndOfFile',
'HeapReAlloc',
'HeapFree',
'ExitProcess',
'ShowWindow',
'UpdateWindow',
'LoadImageA',
'GetUserObjectInformationA',
'MessageBoxA',
'LoadStringA',
'DeferWindowPos',
'BeginDeferWindowPos',
'GetWindowRect',
'GetProcessWindowStation',
'GetClientRect',
'SendMessageA',
'SetWindowPos',
'OffsetRect',
'CopyRect',
'GetParent',
'CheckDlgButton',
'SetDlgItemTextA',
'GetDlgItem',
'EnableWindow',
'EndDialog',
'LoadBitmapA',
'GetWindowThreadProcessId',
'EnumWindows',
'DialogBoxParamA',
'GetWindowInfo',
'ExitWindowsEx',
'CreateWindowExA',
'GetSystemMetrics',
'GetDesktopWindow',
'EndDeferWindowPos',
'IsDlgButtonChecked',
'OpenSCManagerA',
'OpenServiceA',
'ControlService',
'QueryServiceStatus',
'DeleteService',
'CloseServiceHandle',
'ImpersonateSelf',
'OpenThreadToken',
'AllocateAndInitializeSid',
'InitializeSecurityDescriptor',
'GetLengthSid',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'SetSecurityDescriptorGroup',
'SetSecurityDescriptorOwner',
'IsValidSecurityDescriptor',
'AccessCheck',
'RevertToSelf',
'FreeSid',
'RegDeleteValueA',
'RegEnumValueA',
'RegEnumKeyExA',
'RegQueryInfoKeyA',
'RegDeleteKeyA',
'LookupPrivilegeValueA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'RegSetValueExA',
'GetUserNameA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'SHGetSpecialFolderPathA',
'SHGetFolderPathA',
'CoUninitialize',
'CoCreateInstance',
'CoInitialize',
'CoSetProxyBlanket',
'SysFreeString',
'SysAllocStringLen',
'SysStringLen'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 225,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 412764,
'StackReserveSize': 1048576,
'filename': './data/malware/09f1cc20675bc53e8504ed6df682fc513e535a5bc34dce58996ee799a7e9964b'},
'0a0faa8e09269ec70fa16a3e2d27af5649b0e819525bd390e4d44fe9a604666c': {'AddressOfEntryPoint': 7792,
'DebugRVA': 45680,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'KERNEL32.dll': 'GetProcessHeap',
'WS2_32.dll': 'WSAStartup',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlTimeToTimeFields',
'RtlComputeCrc32',
'sprintf',
'RtlStringFromGUID',
'RtlInitUnicodeString',
'ZwWriteFile',
'ZwSetValueKey',
'wcstoul',
'ZwQueryVolumeInformationFile',
'RtlTimeToSecondsSince1970',
'RtlNtStatusToDosError',
'ZwCreateFile',
'LdrAccessResource',
'LdrFindResource_U',
'RtlFreeUnicodeString',
'ZwSetContextThread',
'ZwWriteVirtualMemory',
'ZwProtectVirtualMemory',
'ZwSetInformationFile',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'ZwClose',
'RtlAdjustPrivilege',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenProcess',
'ZwQuerySystemInformation',
'ZwOpenKey',
'ZwQueryValueKey',
'RtlIpv4StringToAddressExW',
'_wtoi64',
'wcschr',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'RtlEqualUnicodeString',
'ZwOpenEvent',
'ZwResumeThread',
'ZwQueryInformationFile',
'ZwCreateKey',
'LdrFindEntryForAddress',
'__chkstk',
'memcpy',
'GetVersion',
'GetLastError',
'BindIoCompletionCallback',
'GetSystemDefaultLangID',
'HeapAlloc',
'GetSystemTimeAsFileTime',
'Sleep',
'GetCommandLineW',
'LoadLibraryExW',
'ExitProcess',
'VirtualFree',
'VirtualAlloc',
'GetModuleHandleW',
'HeapFree',
'GetProcessHeap',
'MD5Final',
'MD5Update',
'MD5Init',
'WSASend',
'WSARecv',
'WSAIoctl',
'bind',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 73,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2560,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 5120,
'.rsrc\x00\x00\x00': 2560,
'.text\x00\x00\x00': 40960},
'StackReserveSize': 1048576,
'filename': './data/malware/0a0faa8e09269ec70fa16a3e2d27af5649b0e819525bd390e4d44fe9a604666c'},
'0afe81f4608744675c5fda4b36b249a7da16d52de14af542ecd62de48ccf654c': {'AddressOfEntryPoint': 12778992,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 13961624,
'ImageBase': 4194304,
'ImageVersion': 5,
'ImportedDLL': {'URLMON.DLL': 'URLDownloadToFileA',
'advapi32.dll': 'RegCloseKey',
'comctl32.dll': 'InitCommonControls',
'comdlg32.dll': 'GetOpenFileNameW',
'gdi32.dll': 'AngleArc',
'glu32.dll': 'gluProject',
'kernel32.dll': 'MulDiv',
'msvcrt.dll': 'memcmp',
'ole32.dll': 'IsEqualGUID',
'oleacc.dll': 'LresultFromObject',
'oleaut32.dll': 'SysFreeString',
'opengl32.dll': 'wglCreateContext',
'shell32.dll': 'SHAddToRecentDocs',
'user32.dll': 'MonitorFromWindow',
'version.dll': 'GetFileVersionInfoW',
'winmm.dll': 'sndPlaySoundW',
'winspool.drv': 'GetDefaultPrinterW',
'wsock32.dll': 'inet_ntoa'},
'ImportedFunctions': ['SysFreeString',
'SysReAllocStringLen',
'SysAllocStringLen',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegCloseKey',
'MessageBoxA',
'CharNextW',
'LoadStringW',
'Sleep',
'VirtualFree',
'VirtualAlloc',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'lstrlenW',
'lstrcpynW',
'VirtualQuery',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemInfo',
'GetVersion',
'CompareStringW',
'IsDBCSLeadByteEx',
'IsValidLocale',
'SetThreadLocale',
'GetSystemDefaultUILanguage',
'GetUserDefaultUILanguage',
'GetLocaleInfoW',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetConsoleOutputCP',
'GetConsoleCP',
'GetACP',
'LoadLibraryExW',
'GetStartupInfoW',
'GetProcAddress',
'GetModuleHandleW',
'GetModuleFileNameW',
'GetCommandLineW',
'FreeLibrary',
'GetLastError',
'UnhandledExceptionFilter',
'RtlUnwindEx',
'RtlUnwind',
'RaiseException',
'ExitProcess',
'ExitThread',
'SwitchToThread',
'GetCurrentThreadId',
'CreateThread',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'InitializeCriticalSection',
'FindFirstFileW',
'FindClose',
'SetCurrentDirectoryW',
'SetCurrentDirectoryA',
'GetCurrentDirectoryW',
'GetCurrentDirectoryA',
'RemoveDirectoryW',
'CreateDirectoryW',
'WriteFile',
'SetFilePointer',
'SetEndOfFile',
'ReadFile',
'GetFileType',
'GetFileSize',
'DeleteFileW',
'CreateFileW',
'GetStdHandle',
'CloseHandle',
'GetProcAddress',
'RaiseException',
'LoadLibraryA',
'GetLastError',
'TlsSetValue',
'TlsGetValue',
'LocalFree',
'LocalAlloc',
'GetModuleHandleW',
'FreeLibrary',
'SetClassLongPtrW',
'GetClassLongPtrW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'CreateWindowExW',
'mouse_event',
'keybd_event',
'WindowFromPoint',
'WaitMessage',
'ValidateRect',
'UpdateWindow',
'UnregisterClassW',
'UnhookWindowsHookEx',
'TranslateMessage',
'TranslateMDISysAccel',
'TrackPopupMenu',
'SystemParametersInfoW',
'ShowWindow',
'ShowScrollBar',
'ShowOwnedPopups',
'ShowCaret',
'SetWindowRgn',
'SetWindowsHookExW',
'SetWindowTextW',
'SetWindowPos',
'SetWindowPlacement',
'SetTimer',
'SetScrollRange',
'SetScrollPos',
'SetScrollInfo',
'SetRect',
'SetPropW',
'SetParent',
'SetMenuItemInfoW',
'SetMenu',
'SetKeyboardState',
'SetForegroundWindow',
'SetFocus',
'SetCursorPos',
'SetCursor',
'SetClipboardData',
'SetCaretPos',
'SetCapture',
'SetActiveWindow',
'SendMessageA',
'SendMessageW',
'SendDlgItemMessageW',
'ScrollWindowEx',
'ScrollWindow',
'ScreenToClient',
'RemovePropW',
'RemoveMenu',
'ReleaseDC',
'ReleaseCapture',
'RegisterWindowMessageW',
'RegisterClipboardFormatW',
'RegisterClassW',
'RedrawWindow',
'PtInRect',
'PostQuitMessage',
'PostMessageW',
'PeekMessageA',
'PeekMessageW',
'OpenClipboard',
'OffsetRect',
'NotifyWinEvent',
'MsgWaitForMultipleObjectsEx',
'MsgWaitForMultipleObjects',
'MessageBoxW',
'MessageBeep',
'MapWindowPoints',
'MapVirtualKeyW',
'LoadStringA',
'LoadStringW',
'LoadKeyboardLayoutW',
'LoadIconW',
'LoadCursorW',
'LoadBitmapW',
'KillTimer',
'IsZoomed',
'IsWindowVisible',
'IsWindowUnicode',
'IsWindowEnabled',
'IsWindow',
'IsIconic',
'IsDialogMessageA',
'IsDialogMessageW',
'IsClipboardFormatAvailable',
'IsChild',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'InvalidateRect',
'IntersectRect',
'InsertMenuItemW',
'InsertMenuW',
'InflateRect',
'HideCaret',
'GetWindowThreadProcessId',
'GetWindowTextW',
'GetWindowRect',
'GetWindowPlacement',
'GetWindowDC',
'GetUpdateRect',
'GetTopWindow',
'GetSystemMetrics',
'GetSystemMenu',
'GetSysColorBrush',
'GetSysColor',
'GetSubMenu',
'GetScrollRange',
'GetScrollPos',
'GetScrollInfo',
'GetScrollBarInfo',
'GetPropW',
'GetParent',
'GetWindow',
'GetMessageTime',
'GetMessagePos',
'GetMessageExtraInfo',
'GetMenuStringW',
'GetMenuState',
'GetMenuItemInfoW',
'GetMenuItemID',
'GetMenuItemCount',
'GetMenu',
'GetLastActivePopup',
'GetKeyboardState',
'GetKeyboardLayoutNameW',
'GetKeyboardLayoutList',
'GetKeyboardLayout',
'GetKeyState',
'GetKeyNameTextW',
'GetIconInfo',
'GetForegroundWindow',
'GetFocus',
'GetDoubleClickTime',
'GetDlgItem',
'GetDlgCtrlID',
'GetDesktopWindow',
'GetDCEx',
'GetDC',
'GetCursorPos',
'GetCursor',
'GetClipboardData',
'GetClientRect',
'GetClassNameW',
'GetClassInfoExW',
'GetClassInfoW',
'GetCaretPos',
'GetCapture',
'GetActiveWindow',
'FrameRect',
'FindWindowExW',
'FindWindowW',
'FillRect',
'EqualRect',
'EnumWindows',
'EnumThreadWindows',
'EnumClipboardFormats',
'EnumChildWindows',
'EndPaint',
'EndMenu',
'EndDeferWindowPos',
'EnableWindow',
'EnableScrollBar',
'EnableMenuItem',
'EmptyClipboard',
'DrawTextExW',
'DrawTextW',
'DrawStateW',
'DrawMenuBar',
'DrawIconEx',
'DrawIcon',
'DrawFrameControl',
'DrawFocusRect',
'DrawEdge',
'DispatchMessageA',
'DispatchMessageW',
'DestroyWindow',
'DestroyMenu',
'DestroyIcon',
'DestroyCursor',
'DestroyCaret',
'DeleteMenu',
'DeferWindowPos',
'DefWindowProcW',
'DefMDIChildProcW',
'DefFrameProcW',
'CreatePopupMenu',
'CreateMenu',
'CreateIcon',
'CreateCaret',
'CountClipboardFormats',
'CopyImage',
'CloseClipboard',
'ClientToScreen',
'ChildWindowFromPoint',
'CheckMenuItem',
'CharUpperBuffW',
'CharUpperW',
'CharNextW',
'CharLowerBuffW',
'CharLowerW',
'CallWindowProcW',
'CallNextHookEx',
'BringWindowToTop',
'BeginPaint',
'BeginDeferWindowPos',
'CharPrevA',
'CharNextA',
'CharLowerA',
'CharUpperA',
'AdjustWindowRectEx',
'ActivateKeyboardLayout',
'wglMakeCurrent',
'wglDeleteContext',
'wglCreateContext',
'UnrealizeObject',
'TextOutA',
'SwapBuffers',
'StretchDIBits',
'StretchBlt',
'StartPage',
'StartDocW',
'SetWindowOrgEx',
'SetWindowExtEx',
'SetWinMetaFileBits',
'SetViewportOrgEx',
'SetViewportExtEx',
'SetTextColor',
'SetStretchBltMode',
'SetROP2',
'SetPixelFormat',
'SetPixel',
'SetMapMode',
'SetEnhMetaFileBits',
'SetDIBits',
'SetDIBColorTable',
'SetDCPenColor',
'SetBrushOrgEx',
'SetBkMode',
'SetBkColor',
'SetAbortProc',
'SelectPalette',
'SelectObject',
'SelectClipRgn',
'SaveDC',
'RoundRect',
'RestoreDC',
'ResizePalette',
'Rectangle',
'RectVisible',
'RealizePalette',
'Polyline',
'Polygon',
'PolyPolyline',
'PolyBezierTo',
'PolyBezier',
'PlayEnhMetaFile',
'Pie',
'PatBlt',
'MoveToEx',
'MaskBlt',
'LineTo',
'LPtoDP',
'IntersectClipRect',
'GetWindowOrgEx',
'GetWinMetaFileBits',
'GetTextMetricsW',
'GetTextExtentPointA',
'GetTextExtentPointW',
'GetTextExtentPoint32W',
'GetSystemPaletteEntries',
'GetStockObject',
'GetRgnBox',
'GetPixel',
'GetPaletteEntries',
'GetObjectW',
'GetNearestPaletteIndex',
'GetNearestColor',
'GetEnhMetaFilePaletteEntries',
'GetEnhMetaFileHeader',
'GetEnhMetaFileDescriptionW',
'GetEnhMetaFileBits',
'GetDeviceCaps',
'GetDIBits',
'GetDIBColorTable',
'GetCurrentPositionEx',
'GetClipBox',
'GetBrushOrgEx',
'GetBitmapBits',
'GdiFlush',
'FrameRgn',
'ExtTextOutW',
'ExtFloodFill',
'ExtCreatePen',
'ExcludeClipRect',
'EnumFontsW',
'EnumFontFamiliesExW',
'EndPage',
'EndDoc',
'Ellipse',
'DescribePixelFormat',
'DeleteObject',
'DeleteEnhMetaFile',
'DeleteDC',
'CreateSolidBrush',
'CreateRectRgn',
'CreatePenIndirect',
'CreatePalette',
'CreateICW',
'CreateHalftonePalette',
'CreateFontIndirectW',
'CreateEnhMetaFileW',
'CreateDIBitmap',
'CreateDIBSection',
'CreateDCW',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'CreateBrushIndirect',
'CreateBitmap',
'CopyEnhMetaFileW',
'CombineRgn',
'CloseEnhMetaFile',
'Chord',
'ChoosePixelFormat',
'BitBlt',
'ArcTo',
'Arc',
'AngleArc',
'VerQueryValueW',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'lstrlenA',
'lstrcpynA',
'lstrcpyA',
'lstrcmpiA',
'lstrcmpA',
'lstrcmpW',
'lstrcatA',
'WritePrivateProfileStringW',
'WriteFile',
'WideCharToMultiByte',
'WaitForSingleObject',
'WaitForMultipleObjectsEx',
'VirtualQueryEx',
'VirtualQuery',
'VirtualProtect',
'VirtualFree',
'VirtualAlloc',
'UnmapViewOfFile',
'SwitchToThread',
'SuspendThread',
'Sleep',
'SizeofResource',
'SetThreadPriority',
'SetThreadLocale',
'SetLastError',
'SetFilePointer',
'SetFileAttributesW',
'SetEvent',
'SetErrorMode',
'SetEndOfFile',
'ResumeThread',
'ResetEvent',
'RemoveDirectoryW',
'ReadFile',
'RaiseException',
'QueryDosDeviceW',
'IsDebuggerPresent',
'OutputDebugStringA',
'MultiByteToWideChar',
'MulDiv',
'MoveFileW',
'MapViewOfFile',
'LockResource',
'LocalFree',
'LoadResource',
'LoadLibraryExA',
'LoadLibraryW',
'LeaveCriticalSection',
'LCMapStringW',
'IsValidLocale',
'IsDBCSLeadByte',
'InitializeCriticalSection',
'HeapFree',
'HeapDestroy',
'HeapCreate',
'HeapAlloc',
'GlobalUnlock',
'GlobalSize',
'GlobalMemoryStatus',
'GlobalHandle',
'GlobalLock',
'GlobalFree',
'GlobalFindAtomW',
'GlobalDeleteAtom',
'GlobalAlloc',
'GlobalAddAtomW',
'GetVolumeInformationW',
'GetVersionExW',
'GetVersion',
'GetUserDefaultLCID',
'GetTimeZoneInformation',
'GetTickCount',
'GetThreadPriority',
'GetThreadLocale',
'GetTempPathW',
'GetSystemTime',
'GetSystemInfo',
'GetStdHandle',
'GetShortPathNameW',
'GetProcessHeap',
'GetProcAddress',
'GetPrivateProfileStringW',
'GetModuleHandleA',
'GetModuleHandleW',
'GetModuleFileNameA',
'GetModuleFileNameW',
'GetLogicalDriveStringsW',
'GetLocaleInfoA',
'GetLocaleInfoW',
'GetLocalTime',
'GetLastError',
'GetFullPathNameW',
'GetFileSize',
'GetFileAttributesW',
'GetExitCodeThread',
'GetEnvironmentVariableW',
'GetDriveTypeW',
'GetDiskFreeSpaceW',
'GetDateFormatW',
'GetCurrentThreadId',
'GetCurrentThread',
'GetCurrentProcessId',
'GetCurrentProcess',
'GetComputerNameW',
'GetCPInfoExW',
'GetCPInfo',
'GetACP',
'FreeResource',
'FreeLibrary',
'FormatMessageW',
'FindResourceW',
'FindNextFileW',
'FindFirstFileA',
'FindFirstFileW',
'FindClose',
'FileTimeToLocalFileTime',
'FileTimeToDosDateTime',
'EnumSystemLocalesW',
'EnumCalendarInfoW',
'EnterCriticalSection',
'DeleteFileW',
'DeleteCriticalSection',
'CreateThread',
'CreateProcessW',
'CreateFileMappingW',
'CreateFileW',
'CreateEventW',
'CreateDirectoryW',
'CopyFileW',
'CompareStringA',
'CompareStringW',
'CloseHandle',
'RegSetValueExA',
'RegQueryValueExA',
'RegQueryValueExW',
'RegQueryValueW',
'RegQueryInfoKeyW',
'RegOpenKeyExA',
'RegOpenKeyExW',
'RegFlushKey',
'RegEnumKeyExW',
'RegDeleteKeyA',
'RegCreateKeyExA',
'RegCreateKeyExW',
'RegCloseKey',
'Sleep',
'CoCreateGuid',
'SafeArrayPtrOfIndex',
'SafeArrayPutElement',
'SafeArrayGetElement',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'SafeArrayGetUBound',
'SafeArrayGetLBound',
'SafeArrayCopy',
'SafeArrayDestroy',
'SafeArrayCreate',
'VariantChangeType',
'VariantCopyInd',
'VariantCopy',
'VariantClear',
'VariantInit',
'CreateErrorInfo',
'GetErrorInfo',
'SetErrorInfo',
'GetActiveObject',
'UnRegisterTypeLib',
'RegisterTypeLib',
'LoadTypeLib',
'VariantInit',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'SafeArrayRedim',
'SafeArrayDestroy',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData',
'SafeArrayAllocDescriptor',
'SysFreeString',
'CreateStreamOnHGlobal',
'IsAccelerator',
'OleDraw',
'OleSetMenuDescriptor',
'OleUninitialize',
'OleInitialize',
'CoTaskMemFree',
'CoTaskMemAlloc',
'StringFromGUID2',
'ProgIDFromCLSID',
'StringFromCLSID',
'CoCreateInstance',
'CoGetClassObject',
'CoUninitialize',
'CoInitialize',
'IsEqualGUID',
'InitializeFlatSB',
'FlatSB_SetScrollProp',
'FlatSB_SetScrollPos',
'FlatSB_SetScrollInfo',
'FlatSB_GetScrollPos',
'FlatSB_GetScrollInfo',
'_TrackMouseEvent',
'ImageList_SetIconSize',
'ImageList_GetIconSize',
'ImageList_Write',
'ImageList_Read',
'ImageList_GetDragImage',
'ImageList_DragShowNolock',
'ImageList_DragMove',
'ImageList_DragLeave',
'ImageList_DragEnter',
'ImageList_EndDrag',
'ImageList_BeginDrag',
'ImageList_GetIcon',
'ImageList_Remove',
'ImageList_DrawEx',
'ImageList_Replace',
'ImageList_Draw',
'ImageList_GetBkColor',
'ImageList_SetBkColor',
'ImageList_Add',
'ImageList_SetImageCount',
'ImageList_GetImageCount',
'ImageList_Destroy',
'ImageList_Create',
'InitCommonControls',
'EnumDisplayMonitors',
'GetMonitorInfoW',
'MonitorFromPoint',
'MonitorFromRect',
'MonitorFromWindow',
'_gcvt',
'strtod',
'atof',
'atoi',
'_atoi64',
'_itoa',
'sprintf',
'_ismbblead',
'towupper',
'towlower',
'strstr',
'wcstombs',
'wcslen',
'_mbscspn',
'_stricmp',
'strcspn',
'strlen',
'strcmp',
'strncpy',
'strcpy',
'strcat',
'memset',
'memmove',
'memcpy',
'memcmp',
'ShellExecuteW',
'Shell_NotifyIconW',
'DragQueryFileW',
'DragFinish',
'DragAcceptFiles',
'URLDownloadToFileA',
'SHGetSpecialFolderPathW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHGetDesktopFolder',
'SHBrowseForFolderW',
'SHAddToRecentDocs',
'PrintDlgW',
'ChooseFontW',
'ReplaceTextW',
'FindTextW',
'ChooseColorW',
'GetSaveFileNameW',
'GetOpenFileNameW',
'WritePrinter',
'StartPagePrinter',
'StartDocPrinterW',
'OpenPrinterW',
'EnumPrintersW',
'EndPagePrinter',
'EndDocPrinter',
'DocumentPropertiesW',
'ClosePrinter',
'GetDefaultPrinterW',
'MulDiv',
'timeGetTime',
'sndPlaySoundW',
'gluUnProject',
'gluProject',
'LresultFromObject',
'WSACleanup',
'WSAStartup',
'gethostname',
'gethostbyname',
'inet_ntoa'],
'LinkerVersion': 8,
'NumberOfImportDLL': 30,
'NumberOfImportFunctions': 711,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 1093120,
'SectionNames': {'.bss\x00\x00\x00\x00': 0,
'.data\x00\x00\x00': 755200,
'.didata\x00': 3584,
'.idata\x00\x00': 25088,
'.pdata\x00\x00': 428032,
'.rdata\x00\x00': 512,
'.rsrc\x00\x00\x00': 1093120,
'.text\x00\x00\x00': 12775424,
'.tls\x00\x00\x00\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/0afe81f4608744675c5fda4b36b249a7da16d52de14af542ecd62de48ccf654c'},
'0b67d8fc01b7855cb117bd01bf8a66d5f799a72efe225305921356b14790b42d': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 126452,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 126464,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/0b67d8fc01b7855cb117bd01bf8a66d5f799a72efe225305921356b14790b42d'},
'0c2d88e35e35ad495009f2dd2e0f467211297bfb4306eea06cb8d78decffcb75': {'AddressOfEntryPoint': 335972,
'DebugRVA': 45520,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'WMILIB.SYS': 'WmiCompleteRequest',
'ntoskrnl.exe': 'RtlAnsiCharToUnicodeChar',
'portcls.sys': 'PcRequestNewPowerState'},
'ImportedFunctions': ['RtlCompareMemory',
'ExAllocatePoolWithTag',
'RtlInitUnicodeString',
'KeSetEvent',
'IoFreeWorkItem',
'MmGetSystemRoutineAddress',
'KeInitializeEvent',
'KeInitializeDpc',
'KeInitializeTimer',
'IoAllocateWorkItem',
'IoFreeIrp',
'IoAllocateIrp',
'ExInterlockedRemoveHeadList',
'IoQueueWorkItem',
'KeCancelTimer',
'_purecall',
'KeClearEvent',
'PoRequestPowerIrp',
'KeDelayExecutionThread',
'PoSetPowerState',
'KeSetTimer',
'KeWaitForSingleObject',
'KeWaitForMultipleObjects',
'ExInterlockedInsertTailList',
'IoWMIRegistrationControl',
'IoWMIWriteEvent',
'IoRegisterDeviceInterface',
'IoSetDeviceInterfaceState',
'RtlFreeUnicodeString',
'IofCompleteRequest',
'RtlCompareUnicodeString',
'KeBugCheckEx',
'ExAllocatePoolWithQuotaTag',
'KeResetEvent',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'ExFreePoolWithTag',
'IoCancelIrp',
'ExFreePool',
'PsGetVersion',
'RtlAnsiCharToUnicodeChar',
'WmiSystemControl',
'WmiCompleteRequest',
'PcDispatchIrp',
'PcAddAdapterDevice',
'PcRegisterAdapterPowerManagement',
'PcInitializeAdapterDriver',
'PcUnregisterAdapterPowerManagement',
'PcNewRegistryKey',
'PcForwardIrpSynchronous',
'PcRegisterPhysicalConnection',
'PcRegisterSubdevice',
'PcNewPort',
'PcRequestNewPowerState'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 54,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 29672,
'SectionNames': {'.data\x00\x00\x00': 8704,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 5632,
'CODE\x00\x00\x00\x00': 25600,
'INIT\x00\x00\x00\x00': 2048,
'PAGE\x00\x00\x00\x00': 247808,
'page\x00\x00\x00\x00': 1536},
'StackReserveSize': 262144,
'filename': './data/malware/0c2d88e35e35ad495009f2dd2e0f467211297bfb4306eea06cb8d78decffcb75'},
'0c55fe68032aba40d00f7b41602720a71e265555a61332934f597040fa6dd167': {'AddressOfEntryPoint': 177104,
'DebugRVA': 51048,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 53248,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NDIS.SYS': 'NdisInitializeReadWriteLock',
'NDISTAPI.SYS': 'NdisTapiRegisterProvider',
'NETIO.SYS': 'NmrClientAttachProvider',
'ntoskrnl.exe': 'ExInitializeNPagedLookasideList'},
'ImportedFunctions': ['KeSetTimerEx',
'KeInitializeEvent',
'KeClearEvent',
'KeSetTimer',
'KeReleaseSpinLockFromDpcLevel',
'KeAcquireSpinLockAtDpcLevel',
'IoReleaseCancelSpinLock',
'IoIs32bitProcess',
'RtlAppendUnicodeStringToString',
'RtlIntegerToUnicodeString',
'RtlCopyUnicodeString',
'RtlQueryRegistryValues',
'KeInitializeDpc',
'KeInitializeTimerEx',
'KeQueryTimeIncrement',
'IofCompleteRequest',
'IoWMIRegistrationControl',
'RtlCompareMemory',
'MmGetSystemRoutineAddress',
'IoWMIWriteEvent',
'RtlInitUnicodeString',
'KeWaitForSingleObject',
'MmLockPagableDataSection',
'KeSetEvent',
'KeReleaseSpinLock',
'KeAcquireSpinLockRaiseToDpc',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'ExQueryDepthSList',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'RtlGUIDFromString',
'InitializeSListHead',
'ExAllocatePoolWithTagPriority',
'IoFreeMdl',
'DbgPrint',
'MmMapLockedPages',
'RtlUpcaseUnicodeString',
'KeBugCheckEx',
'ExDeleteNPagedLookasideList',
'ExInitializeNPagedLookasideList',
'NdisTerminateWrapper',
'NdisClDeregisterSap',
'NdisCmCloseCallComplete',
'NdisMCmDeactivateVc',
'NdisCoSendPackets',
'NdisCoRequest',
'NdisRequest',
'NdisResetEvent',
'NdisWaitEvent',
'NdisInitializeEvent',
'NdisClOpenAddressFamily',
'NdisCompleteUnbindAdapter',
'NdisCloseAdapter',
'NdisScheduleWorkItem',
'NdisOpenAdapter',
'NdisMCoSendComplete',
'NdisMCmRegisterAddressFamily',
'NdisReadNetworkAddress',
'NdisMSetAttributesEx',
'NdisRegisterDeviceEx',
'NdisCloseConfiguration',
'NdisReadConfiguration',
'NdisOpenConfiguration',
'NdisReturnPackets',
'NdisAllocateBuffer',
'NdisAllocatePacket',
'NdisAllocatePacketPoolEx',
'NdisFreeMemory',
'NdisAllocateMemory',
'NdisMCoReceiveComplete',
'NdisMCoIndicateReceivePacket',
'NdisMIndicateStatus',
'NdisDeregisterDeviceEx',
'NdisFreePacketPool',
'NdisFreePacket',
'NdisDeregisterProtocol',
'NdisReleaseReadWriteLock',
'NdisAcquireReadWriteLock',
'NdisRegisterProtocol',
'NdisMRegisterMiniport',
'NdisMRegisterUnloadHandler',
'NdisClRegisterSap',
'NdisClCloseAddressFamily',
'NdisClIncomingCallComplete',
'NdisCmDispatchIncomingCloseCall',
'NdisClCloseCall',
'NdisMCmActivateVc',
'NdisInitializeWrapper',
'NdisInitializeReadWriteLock',
'NdisTapiDeregisterProvider',
'NdisTapiCompleteRequest',
'NdisTapiIndicateStatus',
'NdisTapiRegisterProvider',
'NmrDeregisterClient',
'NmrWaitForClientDeregisterComplete',
'NmrRegisterClient',
'NmrClientAttachProvider'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 98,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1056,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 16896,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 47104,
'INIT\x00\x00\x00\x00': 10240,
'PAGE\x00\x00\x00\x00': 4608,
'PAGENWan': 72704},
'StackReserveSize': 262144,
'filename': './data/malware/0c55fe68032aba40d00f7b41602720a71e265555a61332934f597040fa6dd167'},
'0cb93487639cd60e5f88642514c91dae11f3fd2635e4fdd2c01ab17cd1785c2c': {'AddressOfEntryPoint': 115996,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetCurrentProcess',
'OLEAUT32.dll': 'LoadTypeLib',
'SHELL32.dll': 'SHGetFolderPathA',
'USER32.dll': 'SetWindowTextA',
'VERSION.dll': 'VerQueryValueA',
'WININET.dll': 'InternetConnectA',
'gdiplus.dll': 'GdipCreateBitmapFromScan0',
'ole32.dll': 'CoTaskMemRealloc',
'urlmon.dll': 'URLDownloadToFileA'},
'ImportedFunctions': ['GetVersionExA',
'LoadLibraryA',
'GetSystemDirectoryA',
'SetDllDirectoryA',
'GetLongPathNameA',
'GetShortPathNameA',
'GetWindowsDirectoryA',
'GetEnvironmentVariableA',
'ReadFile',
'CreateEventA',
'GetNativeSystemInfo',
'SetFilePointer',
'GetTempPathA',
'GetTickCount',
'GetCurrentProcessId',
'GetUserDefaultUILanguage',
'FindClose',
'FindFirstFileA',
'ExitProcess',
'LocalFree',
'LocalAlloc',
'FormatMessageA',
'TerminateProcess',
'OpenProcess',
'GetFileAttributesA',
'SetEndOfFile',
'UnmapViewOfFile',
'MapViewOfFile',
'CreateFileMappingA',
'GetFileSize',
'MoveFileExA',
'Process32Next',
'Process32First',
'CreateToolhelp32Snapshot',
'GetLocaleInfoA',
'ResetEvent',
'CreateThread',
'SetEnvironmentVariableA',
'CompareStringW',
'CreateFileW',
'FlushFileBuffers',
'WriteConsoleW',
'SetStdHandle',
'LCMapStringW',
'GetConsoleMode',
'GetConsoleCP',
'QueryPerformanceCounter',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetTimeZoneInformation',
'GetStringTypeW',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'Sleep',
'LoadLibraryW',
'HeapSize',
'HeapReAlloc',
'FlsAlloc',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'RtlCaptureContext',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetModuleFileNameW',
'GetStdHandle',
'HeapCreate',
'GetVersion',
'HeapSetInformation',
'GetStartupInfoW',
'GetSystemTimeAsFileTime',
'EncodePointer',
'DecodePointer',
'GetModuleHandleW',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'VirtualQuery',
'GetSystemInfo',
'SetThreadStackGuarantee',
'VirtualProtect',
'RtlPcToFileHeader',
'InterlockedPopEntrySList',
'VirtualAlloc',
'VirtualFree',
'GetProcessHeap',
'HeapAlloc',
'HeapFree',
'InterlockedPushEntrySList',
'MultiByteToWideChar',
'RaiseException',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetLastError',
'InitializeCriticalSectionAndSpinCount',
'DeleteCriticalSection',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'GetProcAddress',
'GetModuleHandleA',
'WaitForSingleObject',
'FlushInstructionCache',
'GetThreadLocale',
'GetCommandLineA',
'lstrcpynA',
'CreateDirectoryA',
'GlobalHandle',
'GlobalFree',
'LoadLibraryExA',
'FreeLibrary',
'SetLastError',
'GlobalLock',
'GlobalUnlock',
'GetModuleFileNameA',
'MulDiv',
'IsDBCSLeadByte',
'GetCurrentThreadId',
'lstrlenW',
'WideCharToMultiByte',
'DeleteFileA',
'CreateProcessA',
'GetExitCodeProcess',
'lstrlenA',
'lstrcatA',
'CreateFileA',
'WriteFile',
'CloseHandle',
'lstrcmpA',
'lstrcpyA',
'lstrcmpiA',
'FindResourceA',
'GlobalAlloc',
'GetCurrentProcess',
'PtInRect',
'GetWindowRect',
'GetCursorPos',
'SetCursor',
'PeekMessageA',
'EndDialog',
'DispatchMessageW',
'TranslateMessage',
'GetMessageA',
'GetMessageW',
'IsWindowUnicode',
'MsgWaitForMultipleObjectsEx',
'DestroyWindow',
'wsprintfA',
'LoadStringA',
'CharNextA',
'DefWindowProcA',
'SetWindowLongPtrA',
'ShowWindow',
'LoadBitmapA',
'GetDlgCtrlID',
'SetWindowContextHelpId',
'MapDialogRect',
'IsWindowVisible',
'GetSystemMenu',
'LoadImageA',
'EnableMenuItem',
'DispatchMessageA',
'GetSysColor',
'GetWindowLongA',
'SetWindowLongA',
'MoveWindow',
'SetWindowPos',
'GetClientRect',
'ClientToScreen',
'ScreenToClient',
'GetDC',
'ReleaseDC',
'InvalidateRect',
'InvalidateRgn',
'RedrawWindow',
'SetCapture',
'IsChild',
'GetParent',
'GetDlgItem',
'GetClassNameA',
'ReleaseCapture',
'FillRect',
'CallWindowProcA',
'GetWindowLongPtrA',
'EndPaint',
'BeginPaint',
'DestroyAcceleratorTable',
'SetFocus',
'GetWindow',
'GetFocus',
'UnregisterClassA',
'GetDesktopWindow',
'SendMessageA',
'IsWindow',
'GetClassInfoExA',
'LoadCursorA',
'RegisterClassExA',
'CreateWindowExA',
'CreateAcceleratorTableA',
'SetForegroundWindow',
'IsDlgButtonChecked',
'CheckDlgButton',
'EnableWindow',
'EnumWindows',
'GetWindowThreadProcessId',
'PostMessageA',
'MessageBoxA',
'GetActiveWindow',
'CreateDialogIndirectParamA',
'DialogBoxIndirectParamA',
'RegisterWindowMessageA',
'GetWindowTextLengthA',
'GetWindowTextA',
'SetWindowTextA',
'CreateDIBSection',
'SetDIBColorTable',
'SetBkMode',
'StretchBlt',
'SetTextColor',
'SaveDC',
'SetGraphicsMode',
'ModifyWorldTransform',
'SetViewportOrgEx',
'SetWindowOrgEx',
'DPtoLP',
'CreateFontIndirectA',
'RestoreDC',
'GetStockObject',
'GetObjectA',
'CreateSolidBrush',
'BitBlt',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'SelectObject',
'DeleteObject',
'DeleteDC',
'GetDeviceCaps',
'CryptGetHashParam',
'RegCloseKey',
'RegOpenCurrentUser',
'RegQueryInfoKeyA',
'RegOpenKeyA',
'CryptAcquireContextA',
'CryptCreateHash',
'CryptReleaseContext',
'CryptHashData',
'RegOpenKeyExA',
'CryptDestroyHash',
'RegEnumKeyA',
'RegEnumKeyExA',
'RegQueryInfoKeyW',
'RegSetValueExA',
'RegDeleteValueA',
'RegDeleteKeyA',
'RegCreateKeyExA',
'RegQueryValueExA',
'ShellExecuteA',
'SHGetFolderLocation',
'SHBrowseForFolderA',
'SHGetPathFromIDListA',
'SHGetFolderPathA',
'CoTaskMemAlloc',
'OleUninitialize',
'OleInitialize',
'CreateStreamOnHGlobal',
'CLSIDFromString',
'CLSIDFromProgID',
'CoGetClassObject',
'OleLockRunning',
'StringFromGUID2',
'CoTaskMemFree',
'CoCreateInstance',
'CoTaskMemRealloc',
'LoadRegTypeLib',
'OleCreateFontIndirect',
'VariantClear',
'VariantInit',
'VarUI4FromStr',
'SysAllocString',
'SysFreeString',
'SysAllocStringLen',
'SysStringLen',
'LoadTypeLib',
'URLDownloadToFileA',
'GetFileVersionInfoA',
'VerQueryValueA',
'InternetCloseHandle',
'InternetReadFile',
'HttpQueryInfoA',
'HttpSendRequestA',
'HttpOpenRequestA',
'InternetCrackUrlA',
'InternetOpenA',
'InternetErrorDlg',
'InternetConnectA',
'GdipDeleteGraphics',
'GdipGetImagePixelFormat',
'GdipFree',
'GdipDisposeImage',
'GdipGetImageWidth',
'GdipGetImageHeight',
'GdipGetImagePaletteSize',
'GdipGetImagePalette',
'GdipCreateBitmapFromFile',
'GdipBitmapLockBits',
'GdipBitmapUnlockBits',
'GdiplusStartup',
'GdiplusShutdown',
'GdipGetImageGraphicsContext',
'GdipDrawImageI',
'GdipCloneImage',
'GdipAlloc',
'GdipCreateBitmapFromScan0'],
'LinkerVersion': 10,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 319,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 32665128,
'SectionNames': {'.data\x00\x00\x00': 14336,
'.pdata\x00\x00': 8192,
'.rdata\x00\x00': 62464,
'.reloc\x00\x00': 13312,
'.rsrc\x00\x00\x00': 32665600,
'.text\x00\x00\x00': 175616},
'StackReserveSize': 1048576,
'filename': './data/malware/0cb93487639cd60e5f88642514c91dae11f3fd2635e4fdd2c01ab17cd1785c2c'},
'0d2b7269bfa06c7ee80b4da2c522b14799f947e96ca880e4f3d0b35f6cb1ec32': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 209992,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 210432,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/0d2b7269bfa06c7ee80b4da2c522b14799f947e96ca880e4f3d0b35f6cb1ec32'},
'0d36a4a97dcf7962f0670d09fc2b15c5dea7eb2d0fcd3ee00275fc8896d018e4': {'AddressOfEntryPoint': 49160,
'DebugRVA': 36976,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 36864,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'storport.sys': 'StorPortNotification'},
'ImportedFunctions': ['StorPortGetScatterGatherList',
'StorPortGetDeviceBase',
'StorPortLogError',
'StorPortSetBusDataByOffset',
'StorPortGetBusData',
'StorPortGetPhysicalAddress',
'StorPortInitialize',
'StorPortCompleteRequest',
'StorPortGetUncachedExtension',
'StorPortStallExecution',
'StorPortNotification',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 12,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 31232,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/0d36a4a97dcf7962f0670d09fc2b15c5dea7eb2d0fcd3ee00275fc8896d018e4'},
'0d4e4ccf74a156bf4102a9b683b430b010a746a7cb1399fec8f69da59ad11b0a': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 215096,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 215552,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/0d4e4ccf74a156bf4102a9b683b430b010a746a7cb1399fec8f69da59ad11b0a'},
'0dd9d3e39ad88f5bd2a47749878dbdeee30e9e16f6a9476edd0677c284cbb7c2': {'AddressOfEntryPoint': 82432,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExW',
'KERNEL32.dll': 'CompareStringA',
'SETUPAPI.dll': 'SetupCopyOEMInfW'},
'ImportedFunctions': ['SetupCopyOEMInfW',
'SetFileAttributesW',
'GetLastError',
'CopyFileW',
'GetSystemDirectoryW',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetCurrentThread',
'GetCurrentProcess',
'CompareStringW',
'GetCurrentDirectoryW',
'SetUnhandledExceptionFilter',
'HeapFree',
'HeapAlloc',
'GetVersionExA',
'GetProcessHeap',
'GetStartupInfoW',
'HeapSetInformation',
'HeapCreate',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'LCMapStringA',
'LCMapStringW',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetEnvironmentVariableA',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetModuleFileNameW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryA',
'InitializeCriticalSection',
'GetStringTypeA',
'GetStringTypeW',
'Sleep',
'GetLocaleInfoA',
'CloseHandle',
'GetExitCodeProcess',
'WaitForSingleObject',
'CreateProcessA',
'GetFileAttributesA',
'HeapSize',
'HeapReAlloc',
'CompareStringA',
'RegSetValueExW',
'RegCloseKey',
'OpenThreadToken',
'OpenProcessToken',
'ImpersonateLoggedOnUser',
'RegCreateKeyExW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 82,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 176,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 12800,
'.rsrc\x00\x00\x00': 7680,
'.text\x00\x00\x00': 45056},
'StackReserveSize': 1048576,
'filename': './data/malware/0dd9d3e39ad88f5bd2a47749878dbdeee30e9e16f6a9476edd0677c284cbb7c2'},
'0dd9fca04aba0e49801f3c1f1647d40fcfcf48808603855f955c07b390d1e1ad': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 574680,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 577536,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/0dd9fca04aba0e49801f3c1f1647d40fcfcf48808603855f955c07b390d1e1ad'},
'0dda4832bfeddd2261634aa12928a5215860c4b090e45af36aa159ea325e6f70': {'AddressOfEntryPoint': 1073932093,
'DebugRVA': 128112,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 126976,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'StartServiceW',
'KERNEL32.dll': 'SetEndOfFile',
'SHELL32.dll': 'CommandLineToArgvW',
'SHLWAPI.dll': 'SHDeleteKeyW',
'USER32.dll': 'SendMessageTimeoutW',
'WINSPOOL.DRV': 'AddPrinterW'},
'ImportedFunctions': ['GetSystemDirectoryW',
'GetModuleFileNameW',
'DeleteFileW',
'GetModuleFileNameA',
'CloseHandle',
'WriteFile',
'GetLocalTime',
'CreateFileW',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetTickCount',
'CreateFileA',
'CopyFileW',
'SetStdHandle',
'WriteConsoleW',
'LoadLibraryW',
'HeapReAlloc',
'GetStringTypeW',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'HeapCreate',
'GetVersion',
'HeapSetInformation',
'MoveFileExW',
'lstrlenA',
'GetVersionExW',
'GetComputerNameW',
'Sleep',
'GetModuleHandleW',
'GetProcAddress',
'GetCurrentProcess',
'MultiByteToWideChar',
'GetCommandLineW',
'LocalAlloc',
'LocalFree',
'GetLastError',
'lstrlenW',
'GlobalFree',
'FlushFileBuffers',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'SetFilePointer',
'DeleteCriticalSection',
'GetFileType',
'SetHandleCount',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'EncodePointer',
'DecodePointer',
'GetCommandLineA',
'GetStartupInfoW',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'LCMapStringW',
'HeapSize',
'ExitProcess',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetConsoleCP',
'GetConsoleMode',
'ReadFile',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'SetEndOfFile',
'wsprintfW',
'SendMessageTimeoutW',
'AddPrinterDriverExW',
'DeletePrinter',
'SetPrinterDataW',
'DeletePrinterDriverExW',
'SetJobW',
'EnumJobsW',
'EnumPortsW',
'EnumPrintersW',
'OpenPrinterW',
'DocumentPropertiesW',
'ClosePrinter',
'DeleteMonitorW',
'GetPrinterW',
'AddMonitorW',
'AddPrinterW',
'QueryServiceStatus',
'EnumDependentServicesW',
'OpenServiceW',
'ControlService',
'CloseServiceHandle',
'OpenSCManagerW',
'OpenServiceA',
'InitializeSecurityDescriptor',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegDeleteValueW',
'RegCloseKey',
'StartServiceW',
'ShellExecuteW',
'SHGetSpecialFolderPathW',
'CommandLineToArgvW',
'SHDeleteEmptyKeyW',
'SHDeleteKeyW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 121,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 1236,
'StackReserveSize': 1048576,
'filename': './data/malware/0dda4832bfeddd2261634aa12928a5215860c4b090e45af36aa159ea325e6f70'},
'0e0120604f328252fbcd85d39747cff98a10b31bad25f97bcd69b3ba6aa213fd': {'AddressOfEntryPoint': 1249872,
'DebugRVA': 968184,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 1241088,
'ExportSize': 73,
'IATRVA': 970752,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltReleaseFileNameInformation',
'HAL.dll': 'KeQueryPerformanceCounter',
'NDIS.SYS': 'NdisAdjustNetBufferCurrentMdl',
'NETIO.SYS': 'NetioInsertWorkQueue',
'fwpkclnt.sys': 'FwpsCalloutUnregisterByKey0',
'ksecdd.sys': 'BCryptDestroyKey',
'msrpc.sys': 'MesDecodeBufferHandleCreate',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['PsGetCurrentProcessId',
'ExAcquireResourceExclusiveLite',
'KeLeaveCriticalRegion',
'KeEnterCriticalRegion',
'ExReleaseResourceLite',
'ExDeleteResourceLite',
'ExInitializeResourceLite',
'RtlAnsiCharToUnicodeChar',
'MmProbeAndLockPages',
'RtlSetBits',
'RtlInitializeBitMap',
'RtlSetBit',
'SeExports',
'ExInitializeLookasideListEx',
'ExDeleteLookasideListEx',
'KeQueryActiveProcessorCount',
'DbgPrint',
'RtlSubAuthorityCountSid',
'SeQueryInformationToken',
'ObOpenObjectByPointer',
'PsIsSystemProcess',
'RtlEqualSid',
'QsDdreferencePrimaryToken',
'PsReferencePrimaryToken',
'PsReferenceImpersonationToken',
'RtlDowncaseUnicodeString',
'PsReferenceProcessFilePointer',
'ObCloseHandle',
'KeQueryTimeIncrement',
'ExUuidCreate',
'ExGetPreviousMode',
'KeBugCheck',
'SeReportSecurityEventWithSubCategory',
'SeSetAuditParameter',
'DbgBreakPoint',
'MmSizeOfMdl',
'MmUnmapLockedPages',
'ZwQueryValueKey',
'ZwClose',
'ZwNotifyChangeKey',
'ZwOpenKey',
'KeFlushQueuedDpcs',
'KeCancelTimer',
'KeInitializeTimerEx',
'KeSetTimerEx',
'ExGetCurrentProcessorCounts',
'MmUserProbeAddress',
'ExCreateCallback',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoQueueWorkItem',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'KeInsertQueueDpc',
'KeSetTargetProcessorDpc',
'KeInitializeDpc',
'ExAllocatePoolWithTagPriority',
'KeReleaseInStackQueuedSpinLock',
'KeAcquireInStackQueuedSpinLock',
'MmBuildMdlForNonPagedPool',
'ExNotifyCallback',
'RtlGetVersion',
'RtlInitializeGenericTableAvl',
'PsGetProcessSessionId',
'ExQueryDepthSList',
'ExpInterlockedPushEntrySList',
'RtlLookupElementGenericTableFullAvl',
'IoWriteErrorLogEntry',
'IoAllocateErrorLogEntry',
'KeIsExecutingDpc',
'ExpInterlockedPopEntrySList',
'ObDereferenceSecurityDescriptor',
'KeReleaseSpinLock',
'PsGetProcessId',
'KeAcquireSpinLockRaiseToDpc',
'KeAcquireSpinLockAtDpcLevel',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoBuildPartialMdl',
'IoAllocateMdl',
'KeReleaseSpinLockFromDpcLevel',
'KeTestSpinLock',
'KeAcquireInStackQueuedSpinLockAtDpcLevel',
'KeReleaseInStackQueuedSpinLockFromDpcLevel',
'KeReleaseSemaphore',
'ObReferenceSecurityDescriptor',
'KeNumberProcessors',
'ZwQuerySystemInformation',
'IoBuildDeviceIoControlRequest',
'ObfDereferenceObject',
'ObfReferenceObject',
'IoGetDeviceObjectPointer',
'IoIs32bitProcess',
'PsGetThreadProcess',
'PsIsSystemThread',
'PsGetCurrentThread',
'PsGetCurrentProcess',
'KeInitializeEvent',
'KeWaitForSingleObject',
'KeSetEvent',
'MmUnlockPages',
'RtlAddAccessAllowedAceEx',
'RtlIpv6AddressToStringExW',
'RtlIpv4AddressToStringExW',
'KeDelayExecutionThread',
'KeReleaseMutex',
'InitializeSListHead',
'KeInitializeMutex',
'RtlEnumerateGenericTableLikeADirectory',
'RtlTimeToTimeFields',
'ExDeleteNPagedLookasideList',
'KeBugCheckEx',
'RtlCompareMemory',
'IoDeleteDevice',
'RtlInitUnicodeString',
'IofCompleteRequest',
'IoGetCurrentProcess',
'IofCallDriver',
'IoWMIWriteEvent',
'ExInitializeNPagedLookasideList',
'RtlSubAuthoritySid',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlAddAccessAllowedAce',
'RtlCreateAcl',
'RtlInitializeSid',
'RtlLengthRequiredSid',
'RtlFreeUnicodeString',
'RtlConvertSidToUnicodeString',
'RtlCopySid',
'ZwEnumerateKey',
'RtlLengthSid',
'RtlValidSid',
'RtlQueryRegistryValues',
'RtlCompareUnicodeString',
'RtlIpv6StringToAddressW',
'RtlIpv4StringToAddressW',
'RtlUnicodeStringToInteger',
'IoCreateSymbolicLink',
'KeUnstackDetachProcess',
'ZwDuplicateToken',
'KeStackAttachProcess',
'ObReferenceObjectByHandle',
'ZwOpenProcess',
'KeInitializeSemaphore',
'SeCaptureSubjectContextEx',
'SeLockSubjectContext',
'SeAccessCheck',
'IoGetFileObjectGenericMapping',
'SeOpenObjectAuditAlarmForNonObObject',
'SeUnlockSubjectContext',
'SeReleaseSubjectContext',
'RtlFindClearBits',
'RtlAreBitsClear',
'RtlFindSetBits',
'RtlClearBits',
'RtlClearAllBits',
'ExAcquireResourceSharedLite',
'RtlClearBit',
'IoDeleteSymbolicLink',
'ObSetSecurityObjectByPointer',
'ExFreePoolWithTag',
'IoWMIRegistrationControl',
'ExAllocatePoolWithTag',
'IoCreateDevice',
'RtlIntegerToUnicodeString',
'MmGetSystemRoutineAddress',
'__C_specific_handler',
'NetioFreeNetBufferList',
'NetioDereferenceNetBufferListChain',
'NetioExtendNetBuffer',
'FsbAllocateAtDpcLevel',
'RtlCleanupTimerWheelEntry',
'FsbAllocate',
'RtlLookupEntryHashTable',
'RtlInsertElementGenericTableBasicAvl',
'RtlComputeToeplitzHash',
'RtlGetNextExpiredTimerWheelEntry',
'RtlGetNextEntryHashTable',
'RtlDeleteElementGenericTableBasicAvl',
'RtlRemoveEntryHashTable',
'RtlReturnTimerWheelEntry',
'NetioInitializeWorkQueue',
'NetioShutdownWorkQueue',
'RtlInitializeTimerWheelEntry',
'RtlInsertEntryHashTable',
'RtlCopyMdlToMdlIndirect',
'NetioAdvanceToLocationInNetBuffer',
'TlDefaultRequestQueryDispatch',
'TlDefaultRequestMessage',
'TlDefaultRequestQueryDispatchEndpoint',
'RtlCopyMdlToBuffer',
'NetioFreeNetBufferAndNetBufferList',
'RtlCopyBufferToMdl',
'NetioAllocateAndReferenceNetBufferAndNetBufferList',
'RtlDeleteHashTable',
'RtlCleanupTimerWheel',
'RtlInitializeTimerWheel',
'RtlCreateHashTable',
'RtlExpandHashTable',
'RtlContractHashTable',
'NetioCompleteCopyNetBufferListChain',
'NetioInitializeNetBufferListContext',
'NetioFreeCopyNetBufferList',
'NetioAllocateAndReferenceCopyNetBufferListEx',
'RtlUpdateCurrentTimerWheelTick',
'NetioRetreatNetBufferList',
'NetioAllocateMdl',
'NmrProviderDetachClientComplete',
'NmrRegisterProvider',
'NmrDeregisterProvider',
'NmrWaitForProviderDeregisterComplete',
'NmrClientDetachProviderComplete',
'NmrClientAttachProvider',
'NmrRegisterClient',
'NmrDeregisterClient',
'NmrWaitForClientDeregisterComplete',
'RtlInitWeakEnumerationHashTable',
'RtlWeaklyEnumerateEntryHashTable',
'RtlEndWeakEnumerationHashTable',
'NetioReferenceNetBufferList',
'TlDefaultRequestListen',
'TlDefaultRequestConnect',
'TlDefaultRequestCancel',
'TlDefaultRequestIoControl',
'FsbFree',
'NetioFreeNetBuffer',
'NetioFreeMdl',
'NetioAllocateNetBufferMdlAndData',
'NetioFreeNetBufferListNetBufferMdlAndDataPool',
'NetioFreeNetBufferMdlAndDataPool',
'NetioAllocateNetBufferListNetBufferMdlAndDataPool',
'NetioAllocateNetBufferMdlAndDataPool',
'NetioDereferenceNetBufferList',
'NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData',
'RtlIndicateTimerWheelEntryTimerStart',
'RtlCleanupToeplitzHash',
'RtlInitializeToeplitzHash',
'FsbDestroyPool',
'FsbCreatePool',
'WfpStreamEndpointCleanupBegin',
'WfpStopStreamShim',
'WfpStartStreamShim',
'NetioInitializeNetBufferListAndFirstNetBufferContext',
'NetioUnInitializeNetBufferListLibrary',
'NetioInitializeNetBufferListLibrary',
'RtlInvokeStopRoutines',
'RtlInvokeStartRoutines',
'WfpStreamInspectSend',
'WfpStreamInspectDisconnect',
'NsiEnumerateObjectsAllParameters',
'NsiReferenceDefaultObjectSecurity',
'NsiRegisterChangeNotification',
'NsiDeregisterChangeNotification',
'NetioCompleteNetBufferListChain',
'NetioAllocateAndReferenceFragmentNetBufferList',
'RtlCopyMdlToMdl',
'IoctlKfdResetState',
'IoctlKfdQueryLayerStatistics',
'IoctlKfdAbortTransaction',
'IoctlKfdCommitTransaction',
'IoctlKfdDeleteCache',
'IoctlKfdAddCache',
'IoctlKfdBatchUpdate',
'IoctlKfdDeleteIndex',
'IoctlKfdAddIndex',
'SetWfpDeviceObject',
'HfDestroyFactory',
'HfCreateFactory',
'NetioAllocateAndReferenceNetBufferList',
'NetioAllocateNetBuffer',
'NsiSetObjectSecurity',
'PtGetNumNodes',
'PtCreateTable',
'PtDestroyTable',
'NsiSetParameter',
'NsiFreeTable',
'NsiAllocateAndGetTable',
'PtInsertEntry',
'PtGetExactMatch',
'PtSetData',
'PtGetData',
'PtGetLongestMatch',
'PtEnumOverTable',
'PtGetKey',
'PtDeleteEntry',
'PtGetNextShorterMatch',
'NetioQueryNetBufferListTrafficClass',
'NetioExpandNetBuffer',
'NetioUpdateNetBufferListContext',
'NetioAllocateAndReferenceCloneNetBufferListEx',
'NetioAllocateAndReferenceCloneNetBufferList',
'NetioFreeCloneNetBufferList',
'NetioAllocateAndReferenceVacantNetBufferList',
'NetioCompleteNetBufferAndNetBufferListChain',
'NsiGetParameter',
'NsiGetAllParameters',
'RtlEndEnumerationHashTable',
'RtlEnumerateEntryHashTable',
'RtlInitEnumerationHashTable',
'KfdCheckAndCacheAcceptBypass',
'KfdCheckAcceptBypass',
'KfdCheckAndCacheConnectBypass',
'KfdCheckConnectBypass',
'KfdGetLayerActionFromEnumTemplate',
'KfdFreeEnumHandle',
'KfdDerefFilterContext',
'KfdGetNextFilter',
'KfdEnumLayer',
'WfpExpireEntryLru',
'WfpSetBucketsToEmptyLru',
'KfdAleInitializeFlowTable',
'WfpScavangeLeastRecentlyUsedList',
'NsiSetAllParameters',
'WfpStreamIsFilterPresent',
'WfpRefreshEntryLru',
'WfpDeleteEntryLru',
'WfpUninitializeLeastRecentlyUsedList',
'KfdToggleFilterActivation',
'KfdAleUninitializeFlowHandles',
'KfdAleInitializeFlowHandles',
'WfpInitializeLeastRecentlyUsedList',
'FwppStreamDeleteDpcQueue',
'KfdAleNotifyFlowDeletion',
'WfpInsertEntryLru',
'KfdGetOffloadEpoch',
'KfdIsLsoOffloadPossibleV6',
'KfdIsLsoOffloadPossibleV4',
'KfdIsV6InTransportFastEmpty',
'KfdIsV4InTransportFastEmpty',
'KfdIsV6OutTransportFastEmpty',
'KfdIsV4OutTransportFastEmpty',
'NetioAdvanceNetBufferList',
'KfdAleReleaseFlowHandleForFlow',
'KfdClassify',
'KfdAleAcquireFlowHandleForFlow',
'KfdIsLayerEmpty',
'KfdGetLayerCacheEpoch',
'FwppTruncateStreamDataAfterOffset',
'FwppAdvanceStreamDataPastOffset',
'FwppCopyStreamDataToBuffer',
'FwppStreamContinue',
'FwppStreamInject',
'WfpStreamInspectReceive',
'WfpStreamInspectRemoteDisconnect',
'NsiGetParameterEx',
'NetioInsertWorkQueue',
'NdisCompleteNetPnPEvent',
'NdisCloseAdapterEx',
'NdisOpenAdapterEx',
'NdisOidRequest',
'NdisInitiateOffload',
'NdisUpdateOffload',
'NdisInvalidateOffload',
'NdisInitializeTimer',
'NdisTerminateOffload',
'NdisRegisterProtocolDriver',
'NdisDeregisterProtocolDriver',
'NdisReleaseReadWriteLock',
'NdisAcquireReadWriteLock',
'NdisInitializeReadWriteLock',
'NdisGetSessionToCompartmentMappingEpochAndZero',
'NdisCancelTimer',
'NdisSetTimer',
'NdisReturnNetBufferLists',
'NdisSendNetBufferLists',
'NdisQueryOffloadState',
'NdisCancelSendNetBufferLists',
'NdisRetreatNetBufferDataStart',
'NdisGetDataBuffer',
'NdisGetProcessorInformation',
'NdisOffloadTcpReceive',
'NdisOffloadTcpSend',
'NdisOffloadTcpReceiveReturn',
'NdisSetOptionalHandlers',
'NdisOffloadTcpForward',
'NdisOffloadTcpDisconnect',
'NdisAdvanceNetBufferDataStart',
'NdisFreeNetBufferList',
'NdisGetSessionCompartmentId',
'NdisGetThreadObjectCompartmentId',
'NdisAdjustNetBufferCurrentMdl',
'FltGetFileNameInformationUnsafe',
'FltReleaseFileNameInformation',
'FwpsCalloutRegisterWithoutDevice0',
'FwpmBfeStateUnsubscribeChanges0',
'FwpmBfeStateSubscribeChangesWithoutDevice0',
'FwpmEngineOpen0',
'FwpmEngineClose0',
'FwpsClassifyOptionSet0',
'FwpmSecureSocketDeleteByKeyAsync0',
'FwpmSecureSocketAddAsync0',
'FwpsQueryOutstandingNbls0',
'FwpsRequestEndpointDeleteNotification0',
'FwppDispatchDevCtl0',
'IPsecDriverExpire',
'IPsecDriverInitiateAcquire',
'FwpmEventProviderFireNetEvent0',
'FwpmEventProviderIsNetEventTypeEnabled0',
'FwpmEventProviderDestroy0',
'FwpsTcpIpDispatchTableClear0',
'FwpsTcpIpDispatchTableSet0',
'FwpmEventProviderCreate0',
'FwpsCalloutUnregisterByKey0',
'KeQueryPerformanceCounter',
'BCryptGenRandom',
'BCryptGenerateSymmetricKey',
'BCryptDestroyHash',
'BCryptFinishHash',
'BCryptHashData',
'BCryptCreateHash',
'BCryptOpenAlgorithmProvider',
'BCryptCloseAlgorithmProvider',
'BCryptSetProperty',
'BCryptGetProperty',
'BCryptEncrypt',
'BCryptDecrypt',
'BCryptDestroyKey',
'NdrMesTypeDecode3',
'MesHandleFree',
'I_RpcExceptionFilter',
'MesDecodeBufferHandleCreate'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 422,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 992,
'SectionNames': {'.data\x00\x00\x00': 50688,
'.edata\x00\x00': 512,
'.pdata\x00\x00': 55296,
'.rdata\x00\x00': 96768,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 964608,
'INIT\x00\x00\x00\x00': 17408,
'PAGE\x00\x00\x00\x00': 3072,
'PAGECONS': 512},
'StackReserveSize': 262144,
'filename': './data/malware/0e0120604f328252fbcd85d39747cff98a10b31bad25f97bcd69b3ba6aa213fd'},
'0ed3b1449a469849f451de56d6ff1d23f27adffdafb5698c3bcb4c3e6ddc2594': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 153020,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 153088,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/0ed3b1449a469849f451de56d6ff1d23f27adffdafb5698c3bcb4c3e6ddc2594'},
'0f031acfd428352cda06be247793114d4a5e192a863a83ded0b5f086b0773cb2': {'AddressOfEntryPoint': 36964,
'DebugRVA': 24768,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'PCIIDEX.SYS': 'AtaPortWriteRegisterUlong'},
'ImportedFunctions': ['AtaPortCopyMemory',
'AtaPortGetPhysicalAddress',
'AtaPortReadRegisterUlong',
'AtaPortInitializeEx',
'AtaPortDeviceStateChange',
'AtaPortEtwTraceLog',
'AtaPortRegistryFreeBuffer',
'AtaPortGetBusData',
'AtaPortRegistryRead',
'AtaPortRequestCallback',
'AtaPortStallExecution',
'AtaPortGetUnCachedExtension',
'AtaPortReadRegisterUchar',
'AtaPortBuildRequestSenseIrb',
'AtaPortReleaseRequestSenseIrb',
'AtaPortCompleteRequest',
'AtaPortNotification',
'AtaPortGetDeviceBase',
'AtaPortGetScatterGatherList',
'AtaPortRegistryAllocateBuffer',
'AtaPortWriteRegisterUlong',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 22,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1024,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 17408,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/0f031acfd428352cda06be247793114d4a5e192a863a83ded0b5f086b0773cb2'},
'101c285300edf78e1a4222032c0295908257c28c868aba6f019358e14ca2fa12': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 580540,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 580608,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/101c285300edf78e1a4222032c0295908257c28c868aba6f019358e14ca2fa12'},
'10884471bd86e199f38dd97ea1c207bfedf5cc0ce5e7ebadb5a78b52a0776bc4': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/10884471bd86e199f38dd97ea1c207bfedf5cc0ce5e7ebadb5a78b52a0776bc4'},
'10c3579049c2396b2cb5cbbcd8d7a6fcf479bf9c0e16f2909bb14b6b4d735768': {'AddressOfEntryPoint': 1074094045,
'DebugRVA': 234528,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 233472,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetStdHandle',
'SHELL32.dll': 'SHGetSpecialFolderPathW',
'USER32.dll': 'MessageBoxW',
'ole32.dll': 'OleInitialize'},
'ImportedFunctions': ['RegCreateKeyExW',
'RegQueryInfoKeyW',
'RegDeleteKeyW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'RegOpenKeyExW',
'RegEnumKeyExW',
'RegCloseKey',
'RegSetValueExW',
'FreeLibrary',
'CreateProcessW',
'LoadLibraryExW',
'WaitForSingleObject',
'GetSystemDirectoryW',
'WideCharToMultiByte',
'Sleep',
'GetModuleFileNameW',
'lstrlenW',
'GetLastError',
'GetProcAddress',
'CloseHandle',
'GetWindowsDirectoryW',
'lstrcpyW',
'SetEndOfFile',
'CreateFileW',
'CreateFileA',
'GetLocaleInfoW',
'ReadFile',
'MultiByteToWideChar',
'InitializeCriticalSection',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'HeapFree',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'GetCPInfo',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetModuleHandleA',
'ExitProcess',
'RtlVirtualUnwind',
'HeapSetInformation',
'HeapCreate',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'SetHandleCount',
'GetStdHandle',
'GetFileType',
'GetStartupInfoA',
'WriteFile',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'HeapSize',
'SetFilePointer',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetACP',
'GetOEMCP',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'IsValidCodePage',
'HeapReAlloc',
'LoadLibraryA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetStdHandle',
'MessageBoxW',
'SHFileOperationW',
'SHGetSpecialFolderPathW',
'OleUninitialize',
'OleInitialize'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 103,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 808,
'StackReserveSize': 1048576,
'filename': './data/malware/10c3579049c2396b2cb5cbbcd8d7a6fcf479bf9c0e16f2909bb14b6b4d735768'},
'1191213732f83276ce81fbd85549c6af72b22bba43fd9eb7524ea220a6eccc5f': {'AddressOfEntryPoint': 1073835089,
'DebugRVA': 5088,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'KERNEL32.dll': 'GetSystemTimeAsFileTime',
'msvcrt.dll': 'calloc',
'ntdll.dll': 'NtQueryValueKey'},
'ImportedFunctions': ['QueryDosDeviceW',
'FormatMessageW',
'GetModuleFileNameW',
'LocalFree',
'Sleep',
'GetLastError',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'OutputDebugStringA',
'ReadFile',
'WriteFile',
'SetFilePointer',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SearchPathW',
'MapViewOfFile',
'UnmapViewOfFile',
'GetSystemDefaultUILanguage',
'FindResourceExW',
'FreeLibrary',
'LoadResource',
'LoadLibraryExW',
'GetLocaleInfoW',
'GetVersionExW',
'CreateFileW',
'SetLastError',
'CreateFileMappingW',
'GetUserDefaultUILanguage',
'CloseHandle',
'GetSystemTimeAsFileTime',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'free',
'isdigit',
'mbtowc',
'__mb_cur_max',
'isleadbyte',
'isxdigit',
'localeconv',
'_iob',
'_snprintf',
'_itoa',
'wctomb',
'malloc',
'ferror',
'iswctype',
'wcstombs',
'realloc',
'__badioinfo',
'__pioinfo',
'_read',
'_fileno',
'_lseeki64',
'_write',
'_isatty',
'ungetc',
'wcsstr',
'bsearch',
'wcsncmp',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'exit',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_wcslwr',
'_errno',
'iswxdigit',
'_vsnwprintf',
'printf',
'isalpha',
'_wcsnicmp',
'_wcsicmp',
'_stricmp',
'calloc',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'NtResetEvent',
'NtCreateEvent',
'NtOpenDirectoryObject',
'RtlAllocateHeap',
'NtQueryDirectoryObject',
'NtWaitForSingleObject',
'NtQuerySymbolicLinkObject',
'NtOpenSymbolicLinkObject',
'RtlFreeHeap',
'NtDeviceIoControlFile',
'NtOpenFile',
'NtClose',
'RtlNtStatusToDosError',
'NtQueryVolumeInformationFile',
'NtFsControlFile',
'RtlInitUnicodeString',
'NtQuerySystemInformation',
'NtOpenKey',
'NtQueryValueKey',
'RegQueryValueExW',
'RegCloseKey',
'RegOpenKeyExW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 112,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 15048,
'SectionNames': {'.data\x00\x00\x00': 23040,
'.pdata\x00\x00': 1536,
'.rsrc\x00\x00\x00': 15360,
'.text\x00\x00\x00': 69632,
'ۀ\x01\x00oc\x00\x00': 2048},
'StackReserveSize': 524288,
'filename': './data/malware/1191213732f83276ce81fbd85549c6af72b22bba43fd9eb7524ea220a6eccc5f'},
'124883126fb29d731189e33ce768577d2de4f70f34df60811a2d1925a4790170': {'AddressOfEntryPoint': 1978399,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 2096472,
'ImageBase': 5368709120,
'ImageVersion': 2,
'ImportedDLL': {'KERNEL32.dll': 'ExitVDM'},
'ImportedFunctions': ['OpenEventA',
'VirtualAlloc',
'OpenSemaphoreA',
'ExitVDM'],
'LinkerVersion': 6,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 4,
'NumberOfSections': 8,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.code\x00\x00\x00': 32768,
'.data\x00\x00\x00': 30208,
'.rdata\x00\x00': 2048,
'.reloc\x00\x00': 512,
'DATA\x00\x00\x00\x00': 85504},
'StackReserveSize': 1048576,
'filename': './data/malware/124883126fb29d731189e33ce768577d2de4f70f34df60811a2d1925a4790170'},
'12aa72f9c1d95b0796bf193c1dcc09a3694b6ba84252d748aff5e5d133832178': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 491272,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 491520,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/12aa72f9c1d95b0796bf193c1dcc09a3694b6ba84252d748aff5e5d133832178'},
'12c7ad0cb4e245b5d51dafb3d6ade6a22681c4a7ab19d919104cab333f956260': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/12c7ad0cb4e245b5d51dafb3d6ade6a22681c4a7ab19d919104cab333f956260'},
'12fd18ddc4b6e27d6f0a4db4d473d0f014daf76486ce2809be21e9507c62a316': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 721772,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 721920,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/12fd18ddc4b6e27d6f0a4db4d473d0f014daf76486ce2809be21e9507c62a316'},
'133b13790a6150d75cb797b9d02f7986803c2fcd2c66135066a9d98a3b59f0b3': {'AddressOfEntryPoint': 22268,
'DebugRVA': 124304,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 122880,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'GDI32.dll': 'SetTextColor',
'KERNEL32.dll': 'GetModuleHandleW',
'OLEAUT32.dll': 'LoadTypeLibEx',
'RPCRT4.dll': 'UuidCreateSequential',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'SetWindowTextW',
'WS2_32.dll': 'WSACleanup',
'ntdll.dll': '__chkstk',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['ZwCreateSection',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'LdrFindEntryForAddress',
'RtlImageNtHeader',
'LdrAccessResource',
'LdrFindResource_U',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'RtlFreeUnicodeString',
'ZwCreateKey',
'ZwSetValueKey',
'ZwQueryValueKey',
'ZwDeleteValueKey',
'ZwFlushKey',
'ZwEnumerateKey',
'ZwDeleteKey',
'memcmp',
'ZwOpenTimer',
'ZwSetTimer',
'ZwDeleteFile',
'memcpy',
'RtlIpv4StringToAddressW',
'RtlIpv4AddressToStringA',
'memset',
'ZwWriteFile',
'strtoul',
'ZwCreateFile',
'ZwQueryInformationFile',
'ZwSetInformationFile',
'RtlIpv4AddressToStringExA',
'ZwQueryInformationProcess',
'RtlGetCurrentPeb',
'RtlPrefixUnicodeString',
'RtlNtStatusToDosError',
'LdrUnloadDll',
'LdrAddRefDll',
'sprintf',
'strlen',
'ZwRaiseHardError',
'wcsstr',
'RtlAdjustPrivilege',
'LdrLoadDll',
'RtlInitUnicodeString',
'wcscpy',
'ZwClose',
'ZwQueryKey',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenKey',
'RtlComputeCrc32',
'wcslen',
'swprintf',
'ZwSetContextThread',
'ZwProtectVirtualMemory',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenProcess',
'RtlEqualUnicodeString',
'ZwQuerySystemInformation',
'ZwResumeThread',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'ZwSetInformationToken',
'ZwDuplicateToken',
'ZwAdjustPrivilegesToken',
'ZwOpenThreadTokenEx',
'ZwWriteVirtualMemory',
'ZwReadVirtualMemory',
'wcschr',
'__chkstk',
'SetThreadLocale',
'CreateTimerQueueTimer',
'DeleteTimerQueueTimer',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'WideCharToMultiByte',
'CopyFileW',
'CreateProcessW',
'ExitThread',
'GetCommandLineW',
'LoadLibraryW',
'VirtualProtect',
'LoadLibraryExW',
'ExitProcess',
'FreeLibraryAndExitThread',
'Sleep',
'GetSystemDefaultLangID',
'GetVersion',
'LocalFree',
'LocalAlloc',
'VirtualAlloc',
'VirtualFree',
'FormatMessageW',
'GetModuleHandleW',
'MD5Update',
'MD5Final',
'CreateProcessAsUserW',
'RegisterServiceCtrlHandlerExW',
'SetServiceStatus',
'StartServiceCtrlDispatcherW',
'MD5Init',
'GetWindowLongW',
'SetDlgItemTextW',
'SetWindowPos',
'LoadIconW',
'SetWindowLongW',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'DialogBoxParamW',
'PostMessageW',
'EndDialog',
'SendMessageW',
'GetClientRect',
'FindWindowW',
'GetDlgItem',
'MessageBoxW',
'GetSystemMetrics',
'CreateWindowExW',
'AdjustWindowRect',
'DefWindowProcW',
'PostQuitMessage',
'DestroyWindow',
'OpenDesktopW',
'SetThreadDesktop',
'DestroyIcon',
'UnregisterClassW',
'DispatchMessageW',
'TranslateMessage',
'GetActiveWindow',
'GetMessageW',
'RegisterClassW',
'LoadCursorW',
'SetWindowTextW',
'UuidCreateSequential',
'GetStockObject',
'SetBkColor',
'SetTextColor',
'ShellExecuteExW',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'SysAllocString',
'SysFreeString',
'VariantClear',
'LoadTypeLibEx',
'WSAStartup',
'WSASocketW',
'WSAGetLastError',
'closesocket',
'bind',
'WSAIoctl',
'WSARecv',
'WSASend',
'setsockopt',
'WSASendTo',
'WSARecvFrom',
'WSACleanup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 162,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 10104,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 14336,
'.rsrc\x00\x00\x00': 10240,
'.text\x00\x00\x00': 115200},
'StackReserveSize': 1048576,
'filename': './data/malware/133b13790a6150d75cb797b9d02f7986803c2fcd2c66135066a9d98a3b59f0b3'},
'133cb2f76051ce78533347aebf651fbaa80e4e9155930b6ec7900ae7816d0f58': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1326804,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1327104,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/133cb2f76051ce78533347aebf651fbaa80e4e9155930b6ec7900ae7816d0f58'},
'13ab431291a9b486bcb7e07a5c6f4ef46d7aa932a1dadd4d52f2b52dda6db413': {'AddressOfEntryPoint': 1073915596,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'DIFXAPI.dll': 'DIFXAPISetLogCallbackA',
'KERNEL32.dll': 'InitializeCriticalSectionAndSpinCount',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList'},
'ImportedFunctions': ['GetEnvironmentVariableA',
'GetFullPathNameA',
'CreateFileA',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'FlushFileBuffers',
'HeapReAlloc',
'SetEndOfFile',
'WriteFile',
'CloseHandle',
'WriteConsoleW',
'GetLastError',
'GetCommandLineA',
'HeapFree',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'EnterCriticalSection',
'LeaveCriticalSection',
'LCMapStringA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'LCMapStringW',
'GetModuleHandleW',
'Sleep',
'GetProcAddress',
'ExitProcess',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapSize',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_Device_ID_ExA',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetClassDevsA',
'SetupDiEnumDeviceInfo',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiDestroyDeviceInfoList',
'DriverPackagePreinstallA',
'DriverPackageInstallA',
'DriverPackageGetPathA',
'DIFXAPISetLogCallbackA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 87,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'StackReserveSize': 1048576,
'filename': './data/malware/13ab431291a9b486bcb7e07a5c6f4ef46d7aa932a1dadd4d52f2b52dda6db413'},
'13abc28b2269a73c8d621fb88b487b7e83c6ee014816493f0d78281a504ffeb0': {'AddressOfEntryPoint': 52904,
'DebugRVA': 95600,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 104464,
'ExportSize': 51,
'IATRVA': 94208,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMDLG32.dll': 'GetSaveFileNameA',
'GDI32.dll': 'DeleteDC',
'KERNEL32.dll': 'DosDateTimeToFileTime',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHChangeNotify',
'USER32.dll': 'DispatchMessageA',
'ole32.dll': 'CLSIDFromString'},
'ImportedFunctions': ['DeleteFileA',
'DeleteFileW',
'CreateDirectoryA',
'CreateDirectoryW',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FindFirstFileW',
'GetTickCount',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetVersionExA',
'GlobalAlloc',
'lstrlenA',
'GetModuleFileNameA',
'FindResourceA',
'GetModuleHandleA',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'HeapReAlloc',
'CompareStringA',
'ExitProcess',
'GetLocaleInfoA',
'GetNumberFormatA',
'lstrcmpiA',
'GetProcAddress',
'GetDateFormatA',
'GetTimeFormatA',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'ExpandEnvironmentStringsA',
'WaitForSingleObject',
'SetCurrentDirectoryA',
'Sleep',
'GetTempPathA',
'MoveFileExA',
'UnmapViewOfFile',
'GetCommandLineA',
'MapViewOfFile',
'CreateFileMappingA',
'GetModuleFileNameW',
'SetEnvironmentVariableA',
'OpenFileMappingA',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetSystemTime',
'IsDBCSLeadByte',
'GetCPInfo',
'FreeLibrary',
'LoadLibraryA',
'GetCurrentDirectoryA',
'GetFullPathNameA',
'SetFileAttributesW',
'SetFileAttributesA',
'GetFileAttributesW',
'GetFileAttributesA',
'WriteFile',
'GetStdHandle',
'SetLastError',
'ReadFile',
'CreateFileW',
'CreateFileA',
'GetFileType',
'SetEndOfFile',
'SetFilePointer',
'MoveFileA',
'SetFileTime',
'GetCurrentProcess',
'CloseHandle',
'GetLastError',
'DosDateTimeToFileTime',
'FindWindowExA',
'GetClassNameA',
'ReleaseDC',
'GetDC',
'SendMessageA',
'wsprintfA',
'SetDlgItemTextA',
'EndDialog',
'DestroyIcon',
'SendDlgItemMessageA',
'GetDlgItemTextA',
'DialogBoxParamA',
'IsWindowVisible',
'WaitForInputIdle',
'GetSysColor',
'PostMessageA',
'SetMenu',
'SetFocus',
'LoadBitmapA',
'LoadIconA',
'CharToOemA',
'OemToCharA',
'wvsprintfA',
'SetWindowLongA',
'CharUpperA',
'GetWindowRect',
'GetParent',
'MapWindowPoints',
'CreateWindowExA',
'UpdateWindow',
'SetWindowTextA',
'LoadCursorA',
'RegisterClassExA',
'SetWindowLongPtrA',
'GetWindowLongPtrA',
'DefWindowProcA',
'PeekMessageA',
'GetMessageA',
'TranslateMessage',
'DestroyWindow',
'GetClientRect',
'CopyRect',
'IsWindow',
'MessageBoxA',
'ShowWindow',
'GetDlgItem',
'EnableWindow',
'CharToOemBuffA',
'LoadStringA',
'SetWindowPos',
'GetWindowTextA',
'GetSystemMetrics',
'GetWindow',
'GetWindowLongA',
'OemToCharBuffA',
'DispatchMessageA',
'GetDeviceCaps',
'GetObjectA',
'CreateCompatibleBitmap',
'SelectObject',
'StretchBlt',
'CreateCompatibleDC',
'DeleteObject',
'DeleteDC',
'GetOpenFileNameA',
'CommDlgExtendedError',
'GetSaveFileNameA',
'LookupPrivilegeValueA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegCloseKey',
'SetFileSecurityW',
'SetFileSecurityA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'ShellExecuteExA',
'SHFileOperationA',
'SHGetFileInfoA',
'SHGetSpecialFolderLocation',
'SHGetMalloc',
'SHBrowseForFolderA',
'SHGetPathFromIDListA',
'SHChangeNotify',
'CreateStreamOnHGlobal',
'OleInitialize',
'CoCreateInstance',
'OleUninitialize',
'CLSIDFromString',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 164,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 117092,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 4096,
'.rdata\x00\x00': 10752,
'.rsrc\x00\x00\x00': 117248,
'.text\x00\x00\x00': 86528},
'StackReserveSize': 1048576,
'filename': './data/malware/13abc28b2269a73c8d621fb88b487b7e83c6ee014816493f0d78281a504ffeb0'},
'1410447de4851cfca8e9d1aafbe0fd2cc3d06d2201929b683417e7cc2269b084': {'AddressOfEntryPoint': 217088,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/1410447de4851cfca8e9d1aafbe0fd2cc3d06d2201929b683417e7cc2269b084'},
'1464e665566b7cafbfdc7aaa0c67e5daa4c92002abc87941805c527aa15bcb35': {'AddressOfEntryPoint': 77616,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'COMCTL32.dll': 'CreateStatusWindowW',
'KERNEL32.dll': 'LeaveCriticalSection',
'SHELL32.dll': 'SHGetDesktopFolder',
'USER32.dll': 'LoadAcceleratorsW',
'comdlg32.dll': 'GetSaveFileNameW'},
'ImportedFunctions': ['InitCommonControlsEx',
'CreateStatusWindowW',
'GetCurrentDirectoryW',
'GetModuleFileNameW',
'GetFullPathNameW',
'InitializeCriticalSection',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'DeleteFileW',
'CompareStringW',
'GetCommandLineW',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'LoadLibraryExW',
'EnumResourceNamesW',
'FreeLibrary',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'CreateFileW',
'CreateFileMappingW',
'MapViewOfFile',
'UnmapViewOfFile',
'CloseHandle',
'ReadFile',
'SetFilePointer',
'CreateProcessW',
'GetExitCodeProcess',
'Sleep',
'FindFirstFileW',
'FindClose',
'GetFileAttributesW',
'GetFileSize',
'CopyFileW',
'GetFileTime',
'GetTempFileNameW',
'GetDriveTypeA',
'GetCurrentDirectoryA',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'FlushFileBuffers',
'GetTimeZoneInformation',
'HeapReAlloc',
'LoadLibraryA',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetCommandLineA',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'HeapSize',
'LCMapStringW',
'LCMapStringA',
'RtlVirtualUnwind',
'GetConsoleMode',
'GetConsoleCP',
'HeapCreate',
'HeapSetInformation',
'GetModuleFileNameA',
'WriteFile',
'DeleteCriticalSection',
'GetTempPathW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'GetStartupInfoA',
'SetEnvironmentVariableA',
'GetStdHandle',
'SetHandleCount',
'ExitThread',
'GetCurrentThreadId',
'GetLastError',
'CreateThread',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetFileInformationByHandle',
'PeekNamedPipe',
'GetFileType',
'HeapAlloc',
'HeapFree',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'GetSystemTimeAsFileTime',
'GetVersionExA',
'GetProcessHeap',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetModuleHandleA',
'GetProcAddress',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'TlsSetValue',
'FlsAlloc',
'ExitProcess',
'SetStdHandle',
'EnterCriticalSection',
'LeaveCriticalSection',
'PostMessageW',
'DestroyIcon',
'CharUpperW',
'MessageBoxW',
'RegisterClassExW',
'LoadIconW',
'LoadImageW',
'LoadCursorW',
'GetSystemMenu',
'DispatchMessageW',
'EnableMenuItem',
'TranslateMessage',
'EnableWindow',
'IsDialogMessageW',
'SendMessageW',
'TranslateAcceleratorW',
'LoadStringW',
'GetMessageW',
'GetDlgItem',
'MessageBoxA',
'SetFocus',
'EndDialog',
'UpdateWindow',
'DialogBoxParamW',
'ShowWindow',
'GetDlgItemTextW',
'SendDlgItemMessageW',
'CheckMenuItem',
'MessageBeep',
'GetMenu',
'CheckMenuRadioItem',
'DefWindowProcW',
'SetDlgItemTextW',
'SetCursor',
'CreateDialogParamW',
'PostQuitMessage',
'LoadAcceleratorsW',
'GetOpenFileNameW',
'GetSaveFileNameW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegQueryValueExW',
'RegCloseKey',
'RegOpenKeyExW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHGetDesktopFolder'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 165,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 105368,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 44544,
'.rsrc\x00\x00\x00': 105472,
'.text\x00\x00\x00': 176128},
'StackReserveSize': 1048576,
'filename': './data/malware/1464e665566b7cafbfdc7aaa0c67e5daa4c92002abc87941805c527aa15bcb35'},
'14905373243166ea424db6c3b4923c1882fa92d637713fc8c681cb9ef5c36c6c': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 440652,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 440832,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/14905373243166ea424db6c3b4923c1882fa92d637713fc8c681cb9ef5c36c6c'},
'14d06b21ab235a0c4259e0002c7cdf653491167da4f02fb4820f0ce8bd067800': {'AddressOfEntryPoint': 55200,
'DebugRVA': 257128,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 258048,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1736,
'SectionNames': {'.data\x00\x00\x00': 9728,
'.pdata\x00\x00': 16384,
'.rdata\x00\x00': 82944,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 253440},
'StackReserveSize': 524288,
'filename': './data/malware/14d06b21ab235a0c4259e0002c7cdf653491167da4f02fb4820f0ce8bd067800'},
'14eb6038b34896245ff06998d98c4d7188292ec9899531222542b980aece72f8': {'AddressOfEntryPoint': 36964,
'DebugRVA': 24768,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'PCIIDEX.SYS': 'AtaPortWriteRegisterUlong'},
'ImportedFunctions': ['AtaPortCopyMemory',
'AtaPortGetPhysicalAddress',
'AtaPortReadRegisterUlong',
'AtaPortInitializeEx',
'AtaPortDeviceStateChange',
'AtaPortEtwTraceLog',
'AtaPortRegistryFreeBuffer',
'AtaPortGetBusData',
'AtaPortRegistryRead',
'AtaPortRequestCallback',
'AtaPortStallExecution',
'AtaPortGetUnCachedExtension',
'AtaPortReadRegisterUchar',
'AtaPortBuildRequestSenseIrb',
'AtaPortReleaseRequestSenseIrb',
'AtaPortCompleteRequest',
'AtaPortNotification',
'AtaPortGetDeviceBase',
'AtaPortGetScatterGatherList',
'AtaPortRegistryAllocateBuffer',
'AtaPortWriteRegisterUlong',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 22,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1032,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 17920,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/14eb6038b34896245ff06998d98c4d7188292ec9899531222542b980aece72f8'},
'153b5a09d89213a8164dc511bccf4530af70853b89efd9babe0499777d154852': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/153b5a09d89213a8164dc511bccf4530af70853b89efd9babe0499777d154852'},
'1578893a802d00f6f5cede6b4ae74a82e844761a5666e5b0efcbe648e6741fc5': {'AddressOfEntryPoint': 81180,
'DebugRVA': 173760,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 172032,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'ksecdd.sys': 'BCryptFinishHash',
'mrxsmb.sys': 'SmbCeReferenceServerEntry',
'ntoskrnl.exe': 'IoAllocateMdl',
'rdbss.sys': 'RxNameCacheExpireEntry'},
'ImportedFunctions': ['ExAcquireRundownProtection',
'ExReleaseRundownProtection',
'ExWaitForRundownProtectionRelease',
'ExReleaseResourceLite',
'ExInitializeRundownProtection',
'ExAcquireResourceExclusiveLite',
'ExDeleteResourceLite',
'ExInitializeResourceLite',
'RtlAppendUnicodeStringToString',
'RtlInt64ToUnicodeString',
'RtlUpcaseUnicodeChar',
'__C_specific_handler',
'RtlUpcaseUnicodeString',
'FsRtlCancellableWaitForSingleObject',
'ExfReleasePushLock',
'RtlHashUnicodeString',
'FsRtlIsNameInExpression',
'RtlEqualUnicodeString',
'IoSetTopLevelIrp',
'IoGetTopLevelIrp',
'ObfDereferenceObject',
'KeInitializeEvent',
'ExIsResourceAcquiredExclusiveLite',
'KeSetEvent',
'IoSetFileOrigin',
'IoGetRelatedDeviceObject',
'ObReferenceObjectByHandle',
'ZwClose',
'ZwWaitForSingleObject',
'ZwFsControlFile',
'ZwOpenFile',
'KeWaitForSingleObject',
'ExReleaseSpinLockShared',
'ExAcquireSpinLockShared',
'RtlFindLeastSignificantBit',
'ExUuidCreate',
'LsaFreeReturnBuffer',
'KeReleaseInStackQueuedSpinLock',
'KeAcquireInStackQueuedSpinLock',
'IoIs32bitProcess',
'RtlLengthSecurityDescriptor',
'KeReleaseSpinLock',
'KeAcquireSpinLockRaiseToDpc',
'ExfReleasePushLockShared',
'ExfAcquirePushLockShared',
'IoBuildPartialMdl',
'RtlLengthSid',
'RtlValidRelativeSecurityDescriptor',
'KeDelayExecutionThread',
'KeFlushQueuedDpcs',
'EtwRegister',
'EtwUnregister',
'MmResetDriverPaging',
'IoWMIRegistrationControl',
'MmGetSystemRoutineAddress',
'RtlInitUnicodeString',
'KeUnstackDetachProcess',
'ProbeForWrite',
'ProbeForRead',
'IoGetRequestorProcess',
'KeStackAttachProcess',
'ExfTryToWakePushLock',
'ExfAcquirePushLockExclusive',
'FsRtlFreeExtraCreateParameter',
'FsRtlInsertExtraCreateParameter',
'FsRtlAllocateExtraCreateParameter',
'FsRtlAcknowledgeEcp',
'FsRtlFindExtraCreateParameter',
'FsRtlGetNextExtraCreateParameter',
'FsRtlValidateReparsePointBuffer',
'KeQueryTimeIncrement',
'MmUnlockPages',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'toupper',
'MmMapLockedPagesSpecifyCache',
'ExReleaseSpinLockExclusive',
'ExAcquireSpinLockExclusive',
'RtlCompareMemory',
'EtwWrite',
'IoFreeMdl',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'KeQueryPerformanceCounter',
'RxNameCacheFinalize',
'RxNameCacheInitializeEx',
'RxClearMinirdrCancelRoutine',
'RxNameCacheExpireEntriesWithPrefix',
'RxTearDownDiagnosticLogger',
'RxInitializeDiagnosticLogger',
'RxGetRDBSSProcess',
'RxDisableLocalBuffering',
'RxPostToWorkerThread',
'RxForceScavengerToRun',
'RxCancelContext',
'RxNameCacheCheckEntry',
'RxNameCacheActivateEntry',
'RxNameCacheCreateEntryEx',
'RxNameCacheFetchEntryEx',
'RxCrackPathName',
'RxDiagnosticTrace',
'RxIndicateChangeOfOplockStateWithCreateHint',
'RxLowIoGetBufferAddress',
'RxLockEnumerator',
'RxCreateRxContext',
'RxDereferenceAndDeleteRxContext_Real',
'RxQueryNetRootCachingMode',
'RxIndicateChangeOfOplockState',
'RxFcbScavengeRelatedFobxs',
'RxOrphanSrvOpen',
'RxProcessFcbChangeBufferingStateRequest',
'RxRegisterSrvOpenWithBufferingManager',
'RxRegisterFcbWithBufferingManager',
'RxFinishFcbInitialization',
'RxIndicateChangeOfOplockStateForTarget',
'RxCreateNetFobx',
'RxLowIoCompletion',
'RxDispatchToWorkerThread',
'RxNameCacheExpireEntry',
'BCryptGenerateSymmetricKey',
'BCryptKeyDerivation',
'BCryptDestroyKey',
'SecMakeSPNEx2',
'AcquireCredentialsHandleW',
'MapSecurityError',
'InitializeSecurityContextW',
'QueryContextAttributesW',
'BCryptDestroyHash',
'FreeContextBuffer',
'GetSecurityUserInfo',
'BCryptOpenAlgorithmProvider',
'BCryptCloseAlgorithmProvider',
'BCryptGetProperty',
'BCryptCreateHash',
'BCryptDuplicateHash',
'BCryptHashData',
'BCryptFinishHash',
'SmbCeReferenceExchange',
'SmbCeDereferenceExchange',
'SmbCeWaitForCompletionAndFinalizeExchangeEx',
'SmbCeInitiateExchange',
'SmbCeInitializeExchange',
'SubRdrBuildDialectRevisionNegotiateList',
'SmbCseFinalizeBufferContext',
'SmbCeDereferenceVNetRootContext',
'MRxSmbDeviceObject',
'SmbCeReferenceVNetRootContext',
'SmbCeSetConnectionKeepalive',
'SmbCeDisconnectServerEntryLite',
'SmbCeRuntimeContext',
'SmbCeContinueExchange',
'SmbCeCheckServerEntryDialect',
'MRxSmbGetConfigurationBlock',
'SmbCseSubmitBufferContext',
'SmbCseInitializeBufferContextWithMemoryRegistration',
'MRxSmbIsStreamFile',
'SmbCeRecoverSessionEntryLite',
'SmbCeAllocateExchangeBuffer',
'SmbCeAssociateExchangeWithCompoundingKeyEx',
'FsRtlValidateFileInformationBufferEx',
'SmbCeQueryOptimalBufferSize',
'SmbCseAllocateCompoundingKey',
'SmbCseReleaseCompoundingKey',
'SmbCseDereferenceCompoundingKey',
'SmbCeInitializeConnectionInfo',
'MRxSmbCreateVNetRoot',
'MRxSmbUpdateNetRootState',
'MRxSmbExtractNetRootName',
'MRxSmbFinalizeSrvCall',
'MRxSmbFinalizeNetRoot',
'MRxSmbFinalizeVNetRoot',
'MRxSmbGetShareRights',
'MRxSmbDeallocateForFcb',
'MRxSmbDeallocateForSrvOpen',
'MRxSmb2QueryConnectionPerformance',
'MRxSmbDeregisterDialect',
'MRxSmbDeregisterSubRedirector',
'MRxSmbRegisterSubRedirector',
'MRxSmbRegisterDialect',
'MRxSmbInitializeRecurrentService',
'MRxSmbActivateRecurrentService',
'MRxSmbShutdownRecurrentService',
'SubRdrGetDialectIndex',
'SmbCeSetServerBufferSizes',
'SmbCeSetExchangeExpiryTimeEx',
'SmbCeAllocateImplicitExchangeBuffer',
'VctReleaseEncryptionKey',
'VctCreateAndCacheEncryptionKey',
'VctReferenceEncryptionKey',
'SmbCeReferenceBindingObject',
'UninitializeSecurityContextForBindingObject',
'SmbCseReferenceCompoundingKey',
'SmbCeDereferenceBindingObject',
'SmbCeFreeExchangeBuffer',
'SmbCseGetMemoryDescriptors',
'SmbCseEstimateRequiredCreditsLite',
'SmbCeReferenceSessionEntry',
'SmbCeEstablishMultipleChannels',
'SmbCeDereferenceSessionEntryEx',
'MRxSmbDeallocateForFobx',
'SmbCepCompleteExchangeLite',
'SmbCeSwitchConnectionObjectTransport',
'SmbCeSuspendExchangeLite',
'SmbCeResumeSuspendedExchangesLite',
'MRxSmbPreparseName',
'SmbCeTranslateObjectState',
'VctDereferenceEndpoint',
'VctReferenceEndpoint',
'VctMarkConnectionForLargeMtu',
'SmbCeReferenceServerEntry'],
'LinkerVersion': 10,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 210,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1032,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 18944,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 166400,
'ALMOSTRO': 1024,
'INIT\x00\x00\x00\x00': 7680,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/1578893a802d00f6f5cede6b4ae74a82e844761a5666e5b0efcbe648e6741fc5'},
'15add92599f9e46fbb9083de921f2bb6d6a5850c500c637b72baca52da8b7750': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 77824,
'ExportSize': 12984088,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetVolumeInformationA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryInfoKeyA',
'GetTokenInformation',
'FreeSid',
'RegSetValueExA',
'LookupPrivilegeValueA',
'RegDeleteValueA',
'RegCreateKeyExA',
'AllocateAndInitializeSid',
'EqualSid',
'RegQueryValueExA',
'RegOpenKeyExA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'WritePrivateProfileStringA',
'LocalFree',
'FindFirstFileA',
'_lclose',
'DeleteFileA',
'lstrlenA',
'GetLastError',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetProcAddress',
'_llseek',
'GetWindowsDirectoryA',
'RemoveDirectoryA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'FreeLibrary',
'GetModuleFileNameA',
'FindNextFileA',
'SetFileAttributesA',
'GlobalFree',
'GetCurrentProcess',
'FindClose',
'GetPrivateProfileStringA',
'CompareStringA',
'LoadLibraryA',
'GlobalAlloc',
'GlobalUnlock',
'GlobalLock',
'GetPrivateProfileIntA',
'_lopen',
'GetShortPathNameA',
'LoadLibraryExA',
'ExitProcess',
'CloseHandle',
'GetCurrentDirectoryA',
'WriteFile',
'DosDateTimeToFileTime',
'SetCurrentDirectoryA',
'CreateFileA',
'FindResourceA',
'GetDriveTypeA',
'GetVersionExA',
'SetFilePointer',
'GetVersion',
'FreeResource',
'GetTempPathA',
'GetTempFileNameA',
'CreateThread',
'ResetEvent',
'LocalFileTimeToFileTime',
'CreateDirectoryA',
'TerminateThread',
'LoadResource',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'LockResource',
'WaitForSingleObject',
'CreateProcessA',
'SetEvent',
'ReadFile',
'GetSystemInfo',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'Sleep',
'CreateMutexA',
'lstrcmpA',
'LocalAlloc',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetDeviceCaps',
'CallWindowProcA',
'PeekMessageA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'MessageBoxA',
'SetForegroundWindow',
'SetWindowLongPtrA',
'MsgWaitForMultipleObjects',
'ShowWindow',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'GetWindowLongPtrA',
'SendDlgItemMessageA',
'GetDC',
'SetWindowPos',
'SetDlgItemTextA',
'MessageBeep',
'CharUpperA',
'EndDialog',
'CharNextA',
'GetDesktopWindow',
'ExitWindowsEx',
'CharPrevA',
'LoadStringA',
'ReleaseDC',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 12985100,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 12985344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/15add92599f9e46fbb9083de921f2bb6d6a5850c500c637b72baca52da8b7750'},
'16866b1e5201d4d3a8a63100fe7fd6d74fa36b5648b3bcd4e12267f8827f597f': {'AddressOfEntryPoint': 12976,
'DebugRVA': 123024,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 122880,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'twiutorp.vzq': 'QuhpWissUetrme'},
'ImportedFunctions': ['UqisQmvrLkcArsnw',
'QuhpWissUetrme'],
'LinkerVersion': 8,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 2,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 1840,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 8704,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 116736,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/16866b1e5201d4d3a8a63100fe7fd6d74fa36b5648b3bcd4e12267f8827f597f'},
'16a8a52f7c6699dfce18c9913aa748da7a62900f4d5b049d1984cecda95b7a94': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 39104,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 39424,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/16a8a52f7c6699dfce18c9913aa748da7a62900f4d5b049d1984cecda95b7a94'},
'16aa94d26d21f07a7bad5cb9bb027229aed63bd5e746c6ded2366a60204063a6': {'AddressOfEntryPoint': 59120,
'DebugRVA': 196172,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 196608,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 147872,
'SectionNames': {'.data\x00\x00\x00': 3584,
'.pdata\x00\x00': 14848,
'.rdata\x00\x00': 65536,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 147968,
'.text\x00\x00\x00': 192512},
'StackReserveSize': 524288,
'filename': './data/malware/16aa94d26d21f07a7bad5cb9bb027229aed63bd5e746c6ded2366a60204063a6'},
'1726f58f49655d41116942b87f5bfa55c53c2280f15350731bb54fe52ff9b765': {'AddressOfEntryPoint': 387608,
'DebugRVA': 540032,
'DebugSize': 56,
'Dll': 33024,
'ExportRVA': 845408,
'ExportSize': 271,
'IATRVA': 536576,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'GetSystemDirectoryW',
'OLEAUT32.dll': 'VariantChangeType',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'SHGetSpecialFolderPathW',
'SHLWAPI.dll': 'PathIsUNCW',
'USER32.dll': 'GetWindowThreadProcessId',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'HttpAddRequestHeadersW',
'WS2_32.dll': 'ntohl',
'dbghelp.dll': 'StackWalk64',
'msvcrt.dll': '__iob_func',
'ole32.dll': 'StgOpenStorage'},
'ImportedFunctions': ['WSAGetLastError',
'getservbyname',
'ntohs',
'ntohl',
'ferror',
'_purecall',
'_CxxThrowException',
'__CxxFrameHandler3',
'memcpy',
'memset',
'atoi',
'fclose',
'_fileno',
'fopen',
'setvbuf',
'strtod',
'_read',
'_write',
'_commode',
'_fmode',
'_initterm',
'__setusermatherr',
'_cexit',
'_exit',
'exit',
'__set_app_type',
'__getmainargs',
'_amsg_exit',
'_XcptFilter',
'_onexit',
'__dllonexit',
'_unlock',
'_lock',
'??1type_info@@UEAA@XZ',
'?terminate@@YAXXZ',
'printf',
'__wargv',
'__argv',
'__argc',
'raise',
'signal',
'getenv',
'strncmp',
'fprintf',
'strcmp',
'_time64',
'_mktime64',
'_localtime64',
'_gmtime64',
'strftime',
'strstr',
'_open_osfhandle',
'_findnext64',
'_get_osfhandle',
'_findclose',
'fwrite',
'fread',
'_findfirst64',
'feof',
'_fdopen',
'_wsplitpath',
'memchr',
'__C_specific_handler',
'_endthreadex',
'_beginthreadex',
'ldexp',
'isalnum',
'strerror',
'strchr',
'fsetpos',
'_errno',
'wcsstr',
'wcschr',
'iswspace',
'_msize',
'realloc',
'malloc',
'free',
'isspace',
'isxdigit',
'isdigit',
'ungetc',
'sscanf',
'_pclose',
'fseek',
'fputc',
'fgetpos',
'fgetc',
'fflush',
'memmove',
'abort',
'sprintf',
'_vsnprintf',
'memcmp',
'_isatty',
'__iob_func',
'CharUpperW',
'IsCharAlphaW',
'MessageBeep',
'MessageBoxW',
'IsCharUpperW',
'IsCharLowerW',
'PostThreadMessageW',
'CharToOemA',
'LoadStringW',
'GetSysColor',
'GetWindowLongW',
'EnumWindows',
'CharLowerW',
'GetWindowThreadProcessId',
'CoTaskMemAlloc',
'CLSIDFromString',
'StringFromGUID2',
'CoCreateGuid',
'CoUninitialize',
'CoFreeUnusedLibraries',
'CoCreateInstance',
'StringFromCLSID',
'StringFromIID',
'CLSIDFromProgID',
'CoTaskMemFree',
'CoInitialize',
'StgCreateDocfile',
'StgOpenStorage',
'SysAllocString',
'VarDateFromStr',
'SysFreeString',
'SysStringByteLen',
'SysAllocStringByteLen',
'SafeArrayCreate',
'SafeArrayRedim',
'SafeArrayGetDim',
'SafeArrayGetElemsize',
'SafeArrayGetUBound',
'SafeArrayGetLBound',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetElement',
'SafeArrayPutElement',
'SafeArrayGetVartype',
'VariantInit',
'VariantClear',
'VariantCopy',
'VariantCopyInd',
'VariantChangeType',
'HttpSendRequestExW',
'InternetOpenW',
'InternetConnectW',
'HttpEndRequestW',
'HttpQueryInfoW',
'InternetSetFilePointer',
'InternetGetLastResponseInfoW',
'InternetCrackUrlW',
'HttpOpenRequestW',
'InternetSetOptionW',
'InternetQueryOptionW',
'InternetWriteFile',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenUrlW',
'HttpAddRequestHeadersW',
'GetModuleBaseNameW',
'GetModuleFileNameExW',
'GetModuleInformation',
'EnumProcessModules',
'SymFromAddr',
'SymInitialize',
'SymGetModuleBase64',
'SymFunctionTableAccess64',
'SymCleanup',
'StackWalk64',
'SHGetSpecialFolderPathW',
'PathStripToRootW',
'PathIsUNCW',
'GetUserNameW',
'RegCreateKeyExW',
'RegDeleteKeyW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegEnumValueW',
'RegFlushKey',
'RegLoadKeyW',
'RegOpenKeyExW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSaveKeyW',
'RegSetValueExW',
'RegUnLoadKeyW',
'RegCloseKey',
'GetFileVersionInfoW',
'VerQueryValueW',
'GetFileVersionInfoSizeW',
'WriteProcessMemory',
'ReadProcessMemory',
'VirtualQueryEx',
'VirtualProtectEx',
'VirtualQuery',
'VirtualProtect',
'GetProcessVersion',
'CreateProcessW',
'GetProcessTimes',
'CreateNamedPipeW',
'ConnectNamedPipe',
'GetWindowsDirectoryW',
'GetCommandLineW',
'SystemTimeToFileTime',
'GetTimeZoneInformation',
'GetSystemTimeAsFileTime',
'LocalFileTimeToFileTime',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'CreateSemaphoreW',
'CreateEventW',
'OpenMutexW',
'CreateMutexW',
'ReleaseMutex',
'ReleaseSemaphore',
'DeleteCriticalSection',
'TryEnterCriticalSection',
'InitializeCriticalSection',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'MoveFileW',
'CopyFileW',
'lstrcpyW',
'lstrcpynW',
'CreateFileMappingW',
'UnmapViewOfFile',
'MapViewOfFile',
'WaitForSingleObjectEx',
'ResetEvent',
'DeviceIoControl',
'GetTempPathW',
'WriteFile',
'SetFileTime',
'SetFilePointer',
'SetEndOfFile',
'RemoveDirectoryW',
'ReadFile',
'GetVolumeInformationW',
'GetTempFileNameW',
'GetLongPathNameW',
'GetFullPathNameW',
'GetFileSize',
'GetFileAttributesW',
'FlushFileBuffers',
'DeleteFileW',
'CreateFileW',
'CreateDirectoryW',
'GetCurrentDirectoryW',
'RtlLookupFunctionEntry',
'MultiByteToWideChar',
'SetLastError',
'WideCharToMultiByte',
'GetModuleFileNameW',
'VirtualFree',
'VirtualAlloc',
'OpenProcess',
'GetCurrentProcessId',
'GetOverlappedResult',
'HeapSize',
'HeapFree',
'HeapAlloc',
'HeapDestroy',
'HeapCreate',
'GetLogicalDriveStringsW',
'FindNextFileW',
'FindFirstFileW',
'FindClose',
'GetStdHandle',
'WaitForMultipleObjects',
'LocalFree',
'LocalAlloc',
'GetThreadTimes',
'GetEnvironmentVariableW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCurrentThread',
'RtlCaptureContext',
'ExitProcess',
'GetCurrentThreadId',
'GetCurrentProcess',
'DuplicateHandle',
'CloseHandle',
'OutputDebugStringA',
'SizeofResource',
'SetCommTimeouts',
'GetModuleHandleW',
'SetEvent',
'SetThreadContext',
'GetThreadContext',
'TlsFree',
'TlsSetValue',
'TlsAlloc',
'ResumeThread',
'SuspendThread',
'GetExitCodeThread',
'GetThreadPriority',
'SetThreadPriority',
'QueueUserAPC',
'SleepEx',
'WaitForSingleObject',
'RaiseException',
'FindResourceW',
'LoadLibraryW',
'LeaveCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'GetLastError',
'GetProcAddress',
'RtlUnwindEx',
'RtlPcToFileHeader',
'SetUnhandledExceptionFilter',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'Sleep',
'GetVersion',
'GetTickCount',
'SetEnvironmentVariableW',
'ExpandEnvironmentStringsW',
'QueryDosDeviceW',
'GetSystemInfo',
'SetCurrentDirectoryW',
'LoadLibraryExA',
'GetVersionExW',
'FormatMessageW',
'FreeLibrary',
'FreeResource',
'LoadResource',
'LockResource',
'GetSystemDirectoryW'],
'LinkerVersion': 11,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 332,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 302720,
'SectionNames': {'.data\x00\x00\x00': 3072,
'.pdata\x00\x00': 40960,
'.rdata\x00\x00': 309248,
'.rsrc\x00\x00\x00': 303104,
'.text\x00\x00\x00': 532480},
'StackReserveSize': 1048576,
'filename': './data/malware/1726f58f49655d41116942b87f5bfa55c53c2280f15350731bb54fe52ff9b765'},
'1737a2011c904447473efaedbb95934860310a2e117570b7c43180643ef3690f': {'AddressOfEntryPoint': 11532,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetCPInfo',
'SHELL32.dll': 'ShellExecuteExA',
'USER32.dll': 'MsgWaitForMultipleObjects'},
'ImportedFunctions': ['_lclose',
'GetModuleFileNameA',
'_lread',
'_llseek',
'_lopen',
'_lwrite',
'_lcreat',
'CreateDirectoryA',
'SetCurrentDirectoryA',
'lstrcatA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetDiskFreeSpaceA',
'GetFileAttributesA',
'RemoveDirectoryA',
'DeleteFileA',
'lstrlenA',
'GetCurrentDirectoryA',
'CloseHandle',
'GetExitCodeProcess',
'LocalFree',
'GetCurrentProcess',
'MoveFileExA',
'Sleep',
'GetStringTypeW',
'MultiByteToWideChar',
'LCMapStringW',
'HeapReAlloc',
'HeapSize',
'IsValidCodePage',
'lstrcpyA',
'GetTempPathA',
'CompareStringA',
'GetOEMCP',
'GetACP',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'GetLastError',
'HeapFree',
'HeapAlloc',
'GetCommandLineA',
'GetStartupInfoW',
'InitializeCriticalSectionAndSpinCount',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'EncodePointer',
'LoadLibraryW',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'TerminateProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'RtlUnwindEx',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetCPInfo',
'TranslateMessage',
'DispatchMessageA',
'PeekMessageA',
'wsprintfA',
'LoadCursorA',
'SetCursor',
'MessageBoxA',
'MsgWaitForMultipleObjects',
'GetTokenInformation',
'OpenProcessToken',
'ShellExecuteExA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 91,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 28020,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 28160,
'.text\x00\x00\x00': 25088},
'StackReserveSize': 1048576,
'filename': './data/malware/1737a2011c904447473efaedbb95934860310a2e117570b7c43180643ef3690f'},
'1760c643d8d0066f40e68659966d8e19e864299426605be40700a599be66adad': {'AddressOfEntryPoint': 242652,
'DebugRVA': 254768,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 253952,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionUnbindClass',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'ZwEnumerateValueKey',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'ZwEnumerateKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoRegisterPlugPlayNotification',
'IoDetachDevice',
'PoSetPowerState',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCancelIrp',
'IoReleaseRemoveLockEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'wcsstr',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionBind',
'WdfVersionBindClass',
'WdfVersionUnbind',
'WdfVersionUnbindClass'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 97,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7680,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 249344,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/1760c643d8d0066f40e68659966d8e19e864299426605be40700a599be66adad'},
'176806e07fdd05e2b990124d59be8ba640736550efe71f052c8fc52775b12af5': {'AddressOfEntryPoint': 1073787205,
'DebugRVA': 33440,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['OpenProcess',
'GetCurrentProcessId',
'lstrcpynW',
'GetStartupInfoW',
'GetCommandLineW',
'GetExitCodeProcess',
'WaitForSingleObject',
'ProcessIdToSessionId',
'GetLastError',
'lstrlenW',
'CloseHandle',
'HeapFree',
'HeapAlloc',
'GetCommandLineA',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetModuleHandleW',
'Sleep',
'GetProcAddress',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapSize',
'HeapReAlloc',
'SetTokenInformation',
'CreateProcessAsUserW',
'OpenProcessToken'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 71,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2912,
'StackReserveSize': 1048576,
'filename': './data/malware/176806e07fdd05e2b990124d59be8ba640736550efe71f052c8fc52775b12af5'},
'178408a29a7d6affb78af839765008453a2a1125026a4c961fd765379e7c5eb8': {'AddressOfEntryPoint': 7340,
'DebugRVA': 12688,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'HalGetProcessorIdByNtNumber',
'WDFLDR.SYS': 'WdfVersionBindClass',
'ntoskrnl.exe': 'ExAllocatePoolWithTag'},
'ImportedFunctions': ['EtwWrite',
'KeAddProcessorAffinityEx',
'RtlQueryRegistryValuesEx',
'KeGetProcessorNumberFromIndex',
'KeGetCurrentProcessorNumberEx',
'HalDispatchTable',
'IoAllocateWorkItem',
'KeQueryActiveProcessorCountEx',
'KeCheckProcessorAffinityEx',
'IoQueueWorkItem',
'KeBugCheckEx',
'PoFxProcessorNotification',
'KeSetSystemGroupAffinityThread',
'KeInitializeAffinityEx',
'ZwPowerInformation',
'PoFxActivateComponent',
'IoGetDeviceObjectPointer',
'EtwEventEnabled',
'KeProcessorGroupAffinity',
'PoFxStartDevicePowerManagement',
'PoFxRegisterDevice',
'KeRevertToUserGroupAffinityThread',
'KeCheckProcessorGroupAffinity',
'IoUninitializeWorkItem',
'IoFreeWorkItem',
'KeInitializeDpc',
'KeSetTimerEx',
'KeAddProcessorGroupAffinity',
'IoInitializeWorkItem',
'KeInitializeEnumerationContextFromGroup',
'KeInitializeTimerEx',
'KeCancelTimer',
'IoSizeofWorkItem',
'EtwRegister',
'KeEnumerateNextProcessor',
'RtlCopyUnicodeString',
'KeInitializeEnumerationContext',
'ExFreePoolWithTag',
'EtwUnregister',
'ZwClose',
'ExAllocatePoolWithTag',
'HalGetProcessorIdByNtNumber',
'WdfVersionUnbind',
'WdfVersionBind',
'WdfVersionUnbindClass',
'WdfVersionBindClass'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 46,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 992,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 2048,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 5632,
'INIT\x00\x00\x00\x00': 2560,
'PAGE\x00\x00\x00\x00': 8192},
'StackReserveSize': 262144,
'filename': './data/malware/178408a29a7d6affb78af839765008453a2a1125026a4c961fd765379e7c5eb8'},
'180bb3a0e1af1f22fdb59d1fd565e80777d761e1c08adab92e9010e789c2be69': {'AddressOfEntryPoint': 60864,
'DebugRVA': 67152,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyA',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'GDI32.dll': 'CreateFontIndirectA',
'KERNEL32.dll': 'Heap32ListFirst',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'BeginPaint',
'comdlg32.dll': 'FindTextA',
'msvcrt.dll': 'strcat'},
'ImportedFunctions': ['_initterm',
'__getmainargs',
'_acmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'__setusermatherr',
'__dllonexit',
'sprintf',
'_purecall',
'_mbslwr',
'malloc',
'strtoul',
'_mbsicmp',
'_commode',
'_fmode',
'__set_app_type',
'_onexit',
'memset',
'free',
'modf',
'memcmp',
'_mbscmp',
'_mbsrchr',
'_mbschr',
'_memicmp',
'??3@YAXPEAX@Z',
'??2@YAPEAX_K@Z',
'memcpy',
'strlen',
'_ultoa',
'_itoa',
'strcpy',
'_mbsnbcat',
'_snprintf',
'strcat',
'ImageList_AddMasked',
'ImageList_Create',
'CreateToolbarEx',
'ImageList_SetImageCount',
'ImageList_ReplaceIcon',
'GetCurrentProcessId',
'ExitProcess',
'SetErrorMode',
'DeleteFileA',
'WritePrivateProfileStringA',
'GetPrivateProfileIntA',
'GetPrivateProfileStringA',
'EnumResourceNamesA',
'GetCurrentProcess',
'GetStartupInfoA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GlobalUnlock',
'GetFileAttributesA',
'GetVersionExA',
'GetLastError',
'CloseHandle',
'FormatMessageA',
'GetWindowsDirectoryA',
'GetModuleFileNameA',
'GetTempPathA',
'LocalFree',
'WriteFile',
'ReadFile',
'GetTempFileNameA',
'GetModuleHandleA',
'LoadLibraryExA',
'CreateFileA',
'GetFileSize',
'GlobalAlloc',
'GlobalLock',
'OpenProcess',
'CreateToolhelp32Snapshot',
'ReadProcessMemory',
'Heap32ListNext',
'Heap32ListFirst',
'EndPaint',
'FillRect',
'SetCapture',
'ReleaseCapture',
'LoadCursorA',
'ShowWindow',
'SetCursor',
'ChildWindowFromPoint',
'GetSysColorBrush',
'SetWindowTextA',
'SendDlgItemMessageA',
'SetDlgItemInt',
'GetDlgItemInt',
'EndDialog',
'GetDlgItem',
'CreateWindowExA',
'SetDlgItemTextA',
'SetWindowPos',
'DefWindowProcA',
'RegisterClassA',
'TranslateAcceleratorA',
'UpdateWindow',
'MessageBoxA',
'GetWindowRect',
'GetSystemMetrics',
'GetWindowPlacement',
'PostMessageA',
'SetMenu',
'SendMessageA',
'LoadAcceleratorsA',
'LoadIconA',
'LoadImageA',
'GetWindowLongA',
'SetWindowLongA',
'InvalidateRect',
'SetFocus',
'EnableMenuItem',
'ReleaseDC',
'GetDC',
'GetMenuItemCount',
'ScreenToClient',
'GetSubMenu',
'GetMenuStringA',
'GetClassNameA',
'CloseClipboard',
'SetClipboardData',
'EnableWindow',
'GetCursorPos',
'MapWindowPoints',
'CheckMenuRadioItem',
'GetClientRect',
'GetSysColor',
'MoveWindow',
'OpenClipboard',
'GetMenu',
'CheckMenuItem',
'EmptyClipboard',
'DialogBoxParamA',
'GetDlgCtrlID',
'DestroyMenu',
'GetWindowTextA',
'CreateDialogParamA',
'DestroyWindow',
'EnumChildWindows',
'GetMenuItemInfoA',
'LoadMenuA',
'GetParent',
'ModifyMenuA',
'LoadStringA',
'DestroyIcon',
'GetMessageA',
'EndDeferWindowPos',
'GetFocus',
'BeginDeferWindowPos',
'DeferWindowPos',
'TranslateMessage',
'DispatchMessageA',
'IsDialogMessageA',
'TrackPopupMenu',
'PostQuitMessage',
'DrawTextExA',
'RegisterWindowMessageA',
'BeginPaint',
'GetTextExtentPoint32A',
'GetStockObject',
'SetBkColor',
'PatBlt',
'GetDeviceCaps',
'CreateSolidBrush',
'SelectObject',
'SetBkMode',
'DeleteObject',
'SetTextColor',
'CreateFontIndirectA',
'GetSaveFileNameA',
'FindTextA',
'RegDeleteKeyA',
'SHGetMalloc',
'SHBrowseForFolderA',
'ExtractIconExA',
'ShellExecuteA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 183,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 13352,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 13312,
'.rsrc\x00\x00\x00': 13824,
'.text\x00\x00\x00': 57856},
'StackReserveSize': 1048576,
'filename': './data/malware/180bb3a0e1af1f22fdb59d1fd565e80777d761e1c08adab92e9010e789c2be69'},
'180f76da669e8447edca155c3054b7b709885b026fbe5d5965201ffb16500172': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2451848,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2451968,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/180f76da669e8447edca155c3054b7b709885b026fbe5d5965201ffb16500172'},
'1832274845811b18784a09623839bab7a7efb1fd78fc882937caa7e3cb6046b6': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 27120,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 27136,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/1832274845811b18784a09623839bab7a7efb1fd78fc882937caa7e3cb6046b6'},
'1882a8ee3959789ccd6710cef5fde654d5d95d8fdc13de9b5eea485b5e06dfd1': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/1882a8ee3959789ccd6710cef5fde654d5d95d8fdc13de9b5eea485b5e06dfd1'},
'18a36234f2dd49da0a65f4faa43830f1a8522027483be661df22a1c23b8ce122': {'AddressOfEntryPoint': 1076803837,
'DebugRVA': 2136912,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 2129920,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExA',
'BtAudioHelper.dll': 'GetPreferredWaveInDevice',
'GDI32.dll': 'CreateFontIndirectA',
'IPHLPAPI.DLL': 'GetAdaptersInfo',
'KERNEL32.dll': 'GetExitCodeProcess',
'MSVCR80.dll': '_wcsdup',
'OLEAUT32.dll': 'SysFreeString',
'PSAPI.DLL': 'EnumProcesses',
'SETUPAPI.dll': 'SetupDiOpenDeviceInterfaceRegKey',
'SHELL32.dll': 'SHGetSpecialFolderPathA',
'SHLWAPI.dll': 'UrlGetPartW',
'TAPI32.dll': 'lineGenerateDigitsA',
'USER32.dll': 'UnregisterClassA',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'WINSPOOL.DRV': 'GetPrinterA',
'WS2_32.dll': 'accept',
'btosif.dll': 'OSIF_DeleteObject',
'gdiplus.dll': 'GdipFree',
'irprops.cpl': 'BluetoothFindRadioClose',
'ole32.dll': 'StringFromGUID2'},
'ImportedFunctions': ['OSIF_FreeObject',
'OSIF_GetObjectName',
'OSIF_CodeToString',
'OSIF_WriteObject',
'OSIF_GetNextObject',
'OSIF_GetFirstObject',
'OSIF_GetObjectById',
'OSIF_AddObject',
'OSIF_ModifyObject',
'OSIF_ObjectsConflict',
'OSIF_FindObject',
'OSIF_ReadObjects',
'OSIF_GetObjectCount',
'OSIF_Close',
'OSIF_OpenX',
'OSIF_Open',
'OSIF_IsPresent',
'OSIF_IsPimSupported',
'OSIF_IsSupported',
'??1CBTvCard@@QEAA@XZ',
'?getName@CBTvCard@@QEAAHPEADH@Z',
'?Parse@CBTvCard@@QEAAHPEA_W@Z',
'??0CBTvCard@@QEAA@XZ',
'OSIF_ReplaceObject',
'OSIF_CreateFilter',
'OSIF_PIMId',
'OSIF_DeleteFilter',
'OSIF_GetCfgFolder',
'OSIF_WriteObjectEx',
'OSIF_SetFolder',
'OSIF_CL_Open',
'OSIF_CL_Close',
'OSIF_CL_GetDatabaseId',
'OSIF_CL_GetFirstEntry',
'OSIF_CL_GetNextEntry',
'OSIF_GetFirstId',
'OSIF_GetNextId',
'OSIF_CL_GetCurrentAnchor',
'OSIF_DeleteObject',
'FindBtAudioOutputDevice',
'CloseSpeakerConnection',
'AddPacketIntoInQueue',
'OpenMicrophoneConnection',
'GetNumberWaveInDevices',
'CloseMicrophoneConnection',
'GetAudioDeviceOUT',
'GetAudioDeviceIN',
'SetSpeakerVolume',
'GetSpeakerVolume',
'IsBtAudioDevicePresent',
'SetPreferredWaveOutDevice',
'SetPreferredWaveInDevice',
'GetPreferredWaveOutDevice',
'GetNumberWaveOutDevices',
'OpenSpeakerConnection',
'EnableMultimediaTimer',
'DisableMultimediaTimer',
'FindBtAudioDevice',
'GetPreferredWaveInDevice',
'GetInterfaceInfo',
'IpReleaseAddress',
'IpRenewAddress',
'GetAdaptersInfo',
'sendto',
'ntohl',
'bind',
'socket',
'WSAStartup',
'getsockname',
'closesocket',
'WSAGetLastError',
'WSACleanup',
'WSALookupServiceNextW',
'WSALookupServiceBeginW',
'WSALookupServiceEnd',
'WSALookupServiceNextA',
'WSALookupServiceBeginA',
'WSAAddressToStringA',
'WSASetServiceA',
'shutdown',
'connect',
'setsockopt',
'listen',
'send',
'recv',
'accept',
'SetupDiDestroyDeviceInfoList',
'SetupDiOpenDevRegKey',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiClassGuidsFromNameA',
'SetupDiGetDeviceInterfaceDetailA',
'SetupDiEnumDeviceInterfaces',
'SetupDiGetDeviceInstanceIdW',
'CM_Get_Parent',
'SetupDiGetDeviceInstanceIdA',
'SetupDiGetDeviceInterfaceDetailW',
'CM_Get_Device_IDW',
'SetupDiCallClassInstaller',
'SetupDiSetClassInstallParamsA',
'CM_Get_Device_IDA',
'SetupDiDestroyDriverInfoList',
'SetupDiGetDriverInfoDetailA',
'SetupDiEnumDriverInfoA',
'SetupDiBuildDriverInfoList',
'SetupDiCreateDeviceInfoList',
'SetupDiOpenDeviceInterfaceRegKey',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'PathRemoveFileSpecA',
'PathFindNextComponentA',
'SHSetValueA',
'SHGetValueW',
'StrRetToBufW',
'SHDeleteKeyW',
'SHGetValueA',
'SHSetValueW',
'wvnsprintfA',
'PathCombineA',
'PathIsDirectoryA',
'PathFileExistsW',
'PathFileExistsA',
'SHDeleteValueA',
'UrlGetPartW',
'lineGetLineDevStatus',
'lineDrop',
'lineSetCallPrivilege',
'lineGetCallInfoA',
'lineGetMessage',
'lineNegotiateAPIVersion',
'lineGetDevCapsA',
'lineInitializeExA',
'lineOpenA',
'lineSetStatusMessages',
'lineShutdown',
'lineGetCallStatus',
'lineClose',
'lineDeallocateCall',
'lineAnswer',
'lineMakeCallA',
'lineUnhold',
'lineHold',
'lineSetupConferenceA',
'lineAddToConference',
'lineGenerateDigitsA',
'BluetoothFindFirstDevice',
'BluetoothFindNextDevice',
'BluetoothFindDeviceClose',
'BluetoothEnumerateInstalledServices',
'BluetoothFindFirstRadio',
'BluetoothGetDeviceInfo',
'BluetoothFindRadioClose',
'GdipCreateBitmapFromFile',
'GdipCreateBitmapFromFileICM',
'GdipGetImageEncodersSize',
'GdipGetImageEncoders',
'GdipDeleteGraphics',
'GdipCloneImage',
'GdipDisposeImage',
'GdipCreateBitmapFromScan0',
'GdipGetImagePixelFormat',
'GdipGetImageHeight',
'GdipGetImageWidth',
'GdipSaveImageToFile',
'GdipDrawImagePointRectI',
'GdipGetImageGraphicsContext',
'GdipAlloc',
'GdiplusStartup',
'GdiplusShutdown',
'GdipFree',
'EnumProcesses',
'_strdup',
'_mbsrchr',
'_ltoa',
'labs',
'fclose',
'ftell',
'fread',
'fseek',
'_errno',
'_wfopen',
'_snprintf',
'atof',
'_time64',
'_localtime64_s',
'strtol',
'_strnicmp',
'_vswprintf',
'qsort',
'strtok',
'wcsncmp',
'_mbstok_s',
'wcschr',
'towlower',
'fopen',
'feof',
'ferror',
'fwrite',
'wcstok',
'fputc',
'fputs',
'fprintf',
'_ltow',
'_ultoa',
'fabs',
'atol',
'_mbsnbicmp',
'_ctime64',
'strncat',
'_strlwr',
'wcstol',
'_wcslwr',
'wcstoul',
'strtoul',
'floor',
'rand',
'strftime',
'_splitpath',
'__doserrno',
'clearerr_s',
'fgets',
'?terminate@@YAXXZ',
'_unlock',
'_encode_pointer',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'_amsg_exit',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'exit',
'_acmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'__crt_debugger_hook',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'_endthread',
'_mktime64',
'_localtime64',
'_gmtime64',
'asctime',
'isalpha',
'tolower',
'strncmp',
'memmove',
'strncpy_s',
'strchr',
'wcsrchr',
'_wcsupr',
'_wcsicmp',
'_wctime64',
'_ftime64_s',
'strrchr',
'sscanf_s',
'wcscat_s',
'_ultow_s',
'swscanf_s',
'vsprintf_s',
'swprintf_s',
'realloc',
'_mbsnbcat',
'_mbschr',
'strncpy',
'_mbsicmp',
'_mbsnbcpy',
'_stricmp',
'_memicmp',
'atoi',
'strcmp',
'isdigit',
'toupper',
'strstr',
'_strupr',
'_mbsnbcmp',
'isprint',
'_mbsupr',
'memmove_s',
'_mbsstr',
'sprintf_s',
'wcscmp',
'wcscpy',
'swscanf',
'wcsstr',
'mbstowcs',
'wcscat',
'strcat_s',
'sscanf',
'vsprintf',
'_mbsnbcpy_s',
'memcpy_s',
'strcat',
'ceil',
'memcmp',
'_mbscmp',
'__RTDynamicCast',
'_beginthreadex',
'strcpy_s',
'sprintf',
'strcpy',
'_CxxThrowException',
'memcpy',
'strlen',
'wcsncpy',
'__C_specific_handler',
'calloc',
'_recalloc',
'free',
'malloc',
'_purecall',
'memset',
'__CxxFrameHandler3',
'wcscpy_s',
'wcslen',
'_resetstkoflw',
'_swprintf',
'_ultow',
'_wrename',
'_wremove',
'fgetc',
'_snwprintf',
'wcsncpy_s',
'_wcsdup',
'CreateDirectoryW',
'RemoveDirectoryW',
'DeleteFileW',
'MoveFileW',
'FindNextFileW',
'FindFirstFileW',
'FindClose',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetStartupInfoA',
'LocalAlloc',
'GetCurrentDirectoryA',
'OutputDebugStringA',
'GetSystemDefaultLangID',
'GetComputerNameA',
'GetWindowsDirectoryA',
'GlobalMemoryStatus',
'GetModuleHandleExW',
'GetModuleFileNameW',
'LoadLibraryW',
'QueryActCtxW',
'FindActCtxSectionStringW',
'DeactivateActCtx',
'ActivateActCtx',
'CreateActCtxW',
'WinExec',
'FindNextFileA',
'TerminateProcess',
'GlobalAlloc',
'GlobalFree',
'GetTempFileNameW',
'GetTempFileNameA',
'GetCommModemStatus',
'WaitCommEvent',
'WriteFile',
'ClearCommError',
'ReadFile',
'EscapeCommFunction',
'PurgeComm',
'SetupComm',
'GetCommState',
'SetCommState',
'SetCommMask',
'SetCommTimeouts',
'CreateFileW',
'GetTimeZoneInformation',
'SetFileTime',
'MoveFileA',
'RemoveDirectoryA',
'SetFileAttributesA',
'SetFileAttributesW',
'GetFileAttributesExW',
'GetFileAttributesExA',
'FileTimeToSystemTime',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetSystemPowerStatus',
'GetTempPathW',
'DeleteFileA',
'GetTempPathA',
'MulDiv',
'CancelWaitableTimer',
'SetWaitableTimer',
'CreateWaitableTimerA',
'FormatMessageA',
'SetThreadExecutionState',
'OpenEventA',
'TlsGetValue',
'TlsSetValue',
'TlsFree',
'TlsAlloc',
'WaitForMultipleObjects',
'GetOverlappedResult',
'TerminateThread',
'SetThreadPriority',
'LocalFree',
'OutputDebugStringW',
'lstrcmpA',
'lstrcpyA',
'ResetEvent',
'Process32Next',
'Process32First',
'CreateToolhelp32Snapshot',
'SetLastError',
'HeapAlloc',
'GetProcessHeap',
'FindResourceExA',
'HeapFree',
'CreateSemaphoreA',
'DeviceIoControl',
'CreateFileA',
'CallNamedPipeA',
'CreateProcessA',
'FindFirstFileA',
'GetACP',
'GetThreadLocale',
'GetUserDefaultUILanguage',
'OpenProcess',
'VerSetConditionMask',
'GetFileAttributesW',
'RaiseException',
'SetProcessShutdownParameters',
'GetCommandLineA',
'GetCurrentThreadId',
'GetVersionExA',
'GetLocaleInfoA',
'IsValidCodePage',
'GetCurrentThread',
'DuplicateHandle',
'GetCurrentProcessId',
'CreateEventA',
'CreateThread',
'Sleep',
'SetEvent',
'IsDBCSLeadByte',
'LoadLibraryExA',
'FindResourceA',
'LoadResource',
'SizeofResource',
'GetModuleFileNameA',
'GetModuleHandleA',
'CopyFileA',
'GetSystemDirectoryA',
'SetEnvironmentVariableA',
'GetSystemTimeAsFileTime',
'FileTimeToDosDateTime',
'GetProcAddress',
'CreateDirectoryA',
'LoadLibraryA',
'FreeLibrary',
'CompareFileTime',
'GetSystemTime',
'SystemTimeToFileTime',
'CreateMutexA',
'OpenMutexA',
'ReleaseMutex',
'GetCurrentProcess',
'SetPriorityClass',
'GetTickCount',
'InitializeCriticalSection',
'GetLastError',
'LeaveCriticalSection',
'EnterCriticalSection',
'DeleteCriticalSection',
'ReleaseSemaphore',
'OpenSemaphoreA',
'WaitForSingleObject',
'CloseHandle',
'lstrlenA',
'lstrcmpiA',
'WideCharToMultiByte',
'lstrlenW',
'GetEnvironmentVariableA',
'MultiByteToWideChar',
'GetVersion',
'VerifyVersionInfoA',
'GetExitCodeProcess',
'KillTimer',
'MessageBoxA',
'wvsprintfA',
'LoadStringW',
'RegisterWindowMessageA',
'IsWindow',
'GetWindowLongA',
'FindWindowExA',
'GetWindowTextW',
'GetClassNameA',
'GetParent',
'DestroyWindow',
'SetClassLongPtrW',
'CreateWindowExW',
'CheckRadioButton',
'CheckDlgButton',
'GetDlgItem',
'CallWindowProcW',
'PeekMessageA',
'wsprintfA',
'MsgWaitForMultipleObjects',
'InvalidateRect',
'GetClientRect',
'SystemParametersInfoA',
'DestroyMenu',
'CreatePopupMenu',
'GetSystemMetrics',
'GetForegroundWindow',
'PostQuitMessage',
'GetWindowLongPtrA',
'DefWindowProcA',
'FindWindowA',
'PostMessageA',
'GetDesktopWindow',
'wsprintfW',
'RegisterClassExA',
'CreateWindowExA',
'SetWindowLongPtrA',
'SetTimer',
'GetMessageA',
'SendMessageA',
'PostThreadMessageA',
'CharNextA',
'LoadStringA',
'UnregisterDeviceNotification',
'RegisterDeviceNotificationA',
'DispatchMessageA',
'UnregisterClassA',
'GetDeviceCaps',
'CreateFontIndirectA',
'StartPagePrinter',
'EndDocPrinter',
'WritePrinter',
'EndPagePrinter',
'StartDocPrinterA',
'EnumJobsA',
'OpenPrinterA',
'ClosePrinter',
'EnumPrintersA',
'DeviceCapabilitiesA',
'SetJobA',
'GetPrinterA',
'RegEnumKeyExA',
'CryptImportKey',
'RegOpenKeyExW',
'RegEnumValueW',
'RegCreateKeyExW',
'RegQueryValueExW',
'RegEnumKeyExW',
'RegEnumKeyW',
'RegDeleteKeyExA',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'QueryServiceStatus',
'ControlService',
'StartServiceA',
'OpenServiceA',
'OpenSCManagerA',
'GetUserNameA',
'CryptDecrypt',
'CryptGetUserKey',
'CryptGenKey',
'CryptExportKey',
'CryptEncrypt',
'CryptDestroyKey',
'InitializeSecurityDescriptor',
'CryptSetProvParam',
'CryptReleaseContext',
'CryptAcquireContextA',
'RegEnumValueA',
'RegQueryInfoKeyA',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegDeleteKeyA',
'RegCloseKey',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegSetValueExA',
'SHGetMalloc',
'SHGetPathFromIDListW',
'SHGetSpecialFolderLocation',
'ShellExecuteA',
'SHChangeNotify',
'SHGetFolderLocation',
'SHGetDesktopFolder',
'SHGetFolderPathA',
'SHCreateDirectoryExA',
'SHGetSpecialFolderPathA',
'CoCreateGuid',
'CoCreateInstance',
'CoInitialize',
'CoRevokeClassObject',
'CoRegisterClassObject',
'CoInitializeEx',
'CoResumeClassObjects',
'CoUninitialize',
'CoSuspendClassObjects',
'CoTaskMemRealloc',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CoMarshalInterThreadInterfaceInStream',
'CoGetInterfaceAndReleaseStream',
'StringFromGUID2',
'VarBstrFromDate',
'SysAllocStringLen',
'SystemTimeToVariantTime',
'VariantTimeToSystemTime',
'OleCreatePropertyFrame',
'SafeArrayGetUBound',
'SafeArrayGetElement',
'SafeArrayCreate',
'SafeArrayPutElement',
'SafeArrayDestroyData',
'LoadRegTypeLib',
'UnRegisterTypeLib',
'LoadTypeLib',
'SysStringLen',
'RegisterTypeLib',
'VarUI4FromStr',
'DosDateTimeToVariantTime',
'SysAllocString',
'VariantCopy',
'VariantInit',
'VariantClear',
'SysFreeString',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 22,
'NumberOfImportFunctions': 641,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 85160,
'StackReserveSize': 1048576,
'filename': './data/malware/18a36234f2dd49da0a65f4faa43830f1a8522027483be661df22a1c23b8ce122'},
'18f36aac41ad4aaa1a6b2d475ac41720a081c3debf2df2c7f049394770264925': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/18f36aac41ad4aaa1a6b2d475ac41720a081c3debf2df2c7f049394770264925'},
'19740564489f1c9e874cb46fe092851e397ef33ca6afe554d7240b7443afc129': {'AddressOfEntryPoint': 484124,
'DebugRVA': 633440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 836864,
'ExportSize': 483,
'IATRVA': 630784,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CryptDestroyHash',
'KERNEL32.dll': 'LoadLibraryA',
'USER32.dll': 'CreateDesktopW',
'USERENV.dll': 'CreateEnvironmentBlock',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINMM.dll': 'timeGetTime',
'WS2_32.dll': 'send'},
'ImportedFunctions': ['LocalAlloc',
'ResumeThread',
'GetModuleHandleW',
'GetLongPathNameW',
'IsProcessInJob',
'GetCurrentProcessId',
'DuplicateHandle',
'OpenProcess',
'GetModuleFileNameW',
'GetTempPathW',
'GetEnvironmentVariableW',
'GetCommandLineW',
'CreateProcessW',
'GetFileInformationByHandle',
'GetExitCodeProcess',
'WaitForSingleObject',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'DebugActiveProcess',
'GetProcessId',
'GetUserDefaultLCID',
'GetUserDefaultLangID',
'LeaveCriticalSection',
'ReleaseSemaphore',
'GetCurrentThreadId',
'EnterCriticalSection',
'VirtualQuery',
'CreateFileW',
'RtlCaptureContext',
'DeleteCriticalSection',
'FreeLibrary',
'LoadLibraryW',
'CreateThread',
'CreateSemaphoreW',
'InitializeCriticalSection',
'WaitNamedPipeW',
'GetLastError',
'WaitForMultipleObjects',
'SetEvent',
'ResetEvent',
'WriteFile',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CreateEventW',
'ExpandEnvironmentStringsW',
'SetEnvironmentVariableW',
'LocalFree',
'RaiseException',
'SetThreadPriority',
'IsDebuggerPresent',
'lstrlenW',
'GetStdHandle',
'SetInformationJobObject',
'VirtualQueryEx',
'HeapSetInformation',
'GetTickCount',
'GetModuleHandleExA',
'ReadFile',
'SetHandleInformation',
'GetSystemInfo',
'AssignProcessToJobObject',
'GetSystemTimeAsFileTime',
'GetNativeSystemInfo',
'GetVersionExW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'UnmapViewOfFile',
'GetFileAttributesW',
'CloseHandle',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'GetCurrentDirectoryW',
'MapViewOfFile',
'CreateFileMappingW',
'SetLastError',
'QueryDosDeviceW',
'ReleaseMutex',
'CreateMutexW',
'SetFilePointer',
'OutputDebugStringA',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'SystemTimeToFileTime',
'SetEndOfFile',
'FlushFileBuffers',
'GetLocaleInfoW',
'GetUserDefaultUILanguage',
'InitializeCriticalSectionAndSpinCount',
'TlsAlloc',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'GetQueuedCompletionStatus',
'CreateIoCompletionPort',
'PostQueuedCompletionStatus',
'GetSystemPowerStatus',
'RtlCaptureStackBackTrace',
'GetCurrentThread',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'ConnectNamedPipe',
'CancelIo',
'CreateNamedPipeW',
'GetNamedPipeInfo',
'TerminateJobObject',
'SignalObjectAndWait',
'GetProcessHandleCount',
'VirtualFree',
'WriteProcessMemory',
'VirtualAllocEx',
'GetThreadContext',
'VirtualFreeEx',
'VirtualProtectEx',
'CreateJobObjectW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'ReadProcessMemory',
'SetThreadContext',
'ContinueDebugEvent',
'WaitForDebugEvent',
'VirtualProtect',
'VirtualAlloc',
'SwitchToThread',
'SuspendThread',
'FlushInstructionCache',
'AddVectoredExceptionHandler',
'RemoveVectoredExceptionHandler',
'ExitProcess',
'MapViewOfFileEx',
'GetSystemTime',
'PeekNamedPipe',
'DisconnectNamedPipe',
'GetNamedPipeHandleStateW',
'EncodePointer',
'DecodePointer',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'GetStartupInfoW',
'SetStdHandle',
'GetFileType',
'HeapAlloc',
'HeapReAlloc',
'GetConsoleCP',
'GetConsoleMode',
'GetProcessHeap',
'ExitThread',
'RtlPcToFileHeader',
'CreateFileA',
'GetDriveTypeA',
'FindFirstFileExA',
'LCMapStringW',
'GetCPInfo',
'GetVersion',
'HeapCreate',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleW',
'GetStringTypeW',
'GetFullPathNameA',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'GetDriveTypeW',
'CompareStringW',
'SetEnvironmentVariableA',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'Sleep',
'CreateRemoteThread',
'GetModuleHandleA',
'SetCurrentDirectoryW',
'GetProcAddress',
'LoadLibraryA',
'PeekMessageW',
'GetQueueStatus',
'DefWindowProcW',
'SetTimer',
'RegisterClassExW',
'WaitMessage',
'MsgWaitForMultipleObjectsEx',
'UnregisterClassW',
'CloseWindowStation',
'CloseDesktop',
'PostQuitMessage',
'GetProcessWindowStation',
'PostMessageW',
'SetProcessWindowStation',
'GetThreadDesktop',
'GetUserObjectInformationW',
'DestroyWindow',
'CreateWindowExW',
'CallMsgFilterW',
'TranslateMessage',
'CreateWindowStationW',
'DispatchMessageW',
'CharUpperW',
'MessageBoxW',
'KillTimer',
'WaitForInputIdle',
'wsprintfW',
'CreateDesktopW',
'RegSetValueExW',
'RegQueryInfoKeyW',
'RegCloseKey',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegCreateKeyExW',
'RegQueryValueExW',
'RegDeleteValueW',
'ConvertSidToStringSidW',
'CreateProcessAsUserW',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'GetTraceLoggerHandle',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'TraceEvent',
'CryptDestroyKey',
'CryptReleaseContext',
'SetEntriesInAclW',
'GetTokenInformation',
'OpenProcessToken',
'GetSecurityInfo',
'CreateWellKnownSid',
'CopySid',
'LookupPrivilegeValueW',
'EqualSid',
'DuplicateToken',
'DuplicateTokenEx',
'CreateRestrictedToken',
'SetThreadToken',
'ConvertStringSidToSidW',
'GetLengthSid',
'SetTokenInformation',
'RevertToSelf',
'RegDisablePredefinedCache',
'CryptAcquireContextW',
'CryptImportKey',
'CryptCreateHash',
'CryptSetHashParam',
'CryptHashData',
'CryptGetHashParam',
'CryptDestroyHash',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'ntohs',
'gethostbyname',
'shutdown',
'select',
'recv',
'closesocket',
'socket',
'htons',
'htonl',
'accept',
'listen',
'bind',
'setsockopt',
'WSACleanup',
'WSAStartup',
'send',
'timeGetDevCaps',
'timeBeginPeriod',
'timeEndPeriod',
'timeGetTime'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 290,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 1504,
'SectionNames': {'.data\x00\x00\x00': 13824,
'.pdata\x00\x00': 36864,
'.rdata\x00\x00': 206848,
'.reloc\x00\x00': 11776,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 626688,
'.tls\x00\x00\x00\x00': 512,
'data\x00\x00\x00\x00': 8704,
'text\x00\x00\x00\x00': 1536},
'StackReserveSize': 1048576,
'filename': './data/malware/19740564489f1c9e874cb46fe092851e397ef33ca6afe554d7240b7443afc129'},
'19ab5b7bec07ec3bce7d87ce3fb851943774b93a300ab19d10f06739886fde48': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 111808,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 112128,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/19ab5b7bec07ec3bce7d87ce3fb851943774b93a300ab19d10f06739886fde48'},
'19b4ef0e6d9ecdd2c1d3f4bc978f2156470a4f0fee10ef41269266d024376421': {'AddressOfEntryPoint': 51316,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 713880,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 714240,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/19b4ef0e6d9ecdd2c1d3f4bc978f2156470a4f0fee10ef41269266d024376421'},
'19ce03444ec992ba7a4e288b7e5e006523454f2c11c4fb87110606a26df06bdf': {'AddressOfEntryPoint': 1073772357,
'DebugRVA': 13072,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetCommandLineW',
'MSVCR90.dll': '__CxxFrameHandler3',
'QtCore4.dll': '?qRealloc@@YAPEAXPEAX_K@Z',
'QtGui4.dll': '?setQuitOnLastWindowClosed@QApplication@@SAX_N@Z',
'lmubase.dll': '?retain@LMUBase@@QEAAXXZ',
'lmumain.dll': '?exec@LMUQtApplication@@UEAAHXZ',
'lmupipe.dll': '?packetFromCommandLine@LMUPipeConduit@@SAPEAVLMUPipePacket@@HQEAPEAD@Z'},
'ImportedFunctions': ['_configthreadlocale',
'__setusermatherr',
'_commode',
'_initterm_e',
'__set_app_type',
'?terminate@@YAXXZ',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__getmainargs',
'_amsg_exit',
'_decode_pointer',
'_onexit',
'_lock',
'_encode_pointer',
'__dllonexit',
'_unlock',
'__C_specific_handler',
'_fmode',
'__crt_debugger_hook',
'__CxxFrameHandler3',
'RtlCaptureContext',
'GetCommandLineA',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'GetStartupInfoA',
'Sleep',
'GetCommandLineW',
'?qMalloc@@YAPEAX_K@Z',
'?toLocal8Bit@QString@@QEBA?AVQByteArray@@XZ',
'?qFree@@YAXPEAX@Z',
'?shared_null@QByteArray@@0UData@1@A',
'?qWinMain@@YAXPEAUHINSTANCE__@@0PEADHAEAHAEAV?$QVector@PEAD@@@Z',
'?malloc@QVectorData@@SAPEAU1@HHHPEAU1@@Z',
'?data@QByteArray@@QEAAPEADXZ',
'??1QByteArray@@QEAA@XZ',
'??0QByteArray@@QEAA@XZ',
'?deref@QBasicAtomicInt@@QEAA_NXZ',
'?ref@QBasicAtomicInt@@QEAA_NXZ',
'??4QBasicAtomicInt@@QEAAAEAV0@H@Z',
'??9QBasicAtomicInt@@QEBA_NH@Z',
'??1QString@@QEAA@XZ',
'??0QString@@QEAA@PEBD@Z',
'?qRegisterResourceData@@YA_NHPEBE00@Z',
'?qUnregisterResourceData@@YA_NHPEBE00@Z',
'?windowsVersion@QSysInfo@@SA?AW4WinVersion@1@XZ',
'?qMemSet@@YAPEAXPEAXH_K@Z',
'??4QByteArray@@QEAAAEAV0@AEBV0@@Z',
'??4QByteArray@@QEAAAEAV0@PEBD@Z',
'?fromUtf16@QString@@SA?AV1@PEBGH@Z',
'?qRealloc@@YAPEAXPEAX_K@Z',
'?setQuitOnLastWindowClosed@QApplication@@SAX_N@Z',
'?release@LMUBase@@QEAAJXZ',
'?logDebug@LMUBase@@SAXAEBVQString@@@Z',
'?retain@LMUBase@@QEAAXXZ',
'?connect@LMUPipeInternalConduit@@SAPEAVLMUPipeSession@@XZ',
'?setMaxConnections@LMUPipeServer@@QEAAXJ@Z',
'?conduit@LMUPipeServer@@QEAAPEAVLMUPipeConduit@@XZ',
'?setTimeout@LMUPipeServer@@QEAAXJ@Z',
'?send@LMUPipeSession@@QEAAJPEAVLMUPipePacket@@@Z',
'?packetFromCommandLine@LMUPipeConduit@@SAPEAVLMUPipePacket@@HQEAPEAD@Z',
'?initialize@LMUApplication@@UEAAXXZ',
'??0LMUQtApplication@@QEAA@AEAHQEAPEAD_N@Z',
'?uninitialize@LMUApplication@@UEAAXXZ',
'??1LMUQtApplication@@UEAA@XZ',
'?server@LMUApplication@@QEAAPEAVLMUPipeServer@@XZ',
'?exec@LMUQtApplication@@UEAAHXZ'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 81,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 7024,
'StackReserveSize': 1048576,
'filename': './data/malware/19ce03444ec992ba7a4e288b7e5e006523454f2c11c4fb87110606a26df06bdf'},
'1a05660630ee0995f558cd0419117e4bc736cf954f5b703ebb3e986f9cf762fb': {'AddressOfEntryPoint': 29492,
'DebugRVA': 8624,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltGetDeviceObject',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['KeAcquireSpinLockRaiseToDpc',
'ExAllocatePool',
'ExpInterlockedPushEntrySList',
'ExAllocatePoolWithTag',
'ExQueryDepthSList',
'KeBugCheckEx',
'IoThreadToProcess',
'IofCallDriver',
'IoRegisterFsRegistrationChange',
'ExQueueWorkItem',
'IoDetachDevice',
'ExDeleteNPagedLookasideList',
'KeReleaseSpinLock',
'PsGetProcessId',
'IoUnregisterFsRegistrationChange',
'ZwWriteFile',
'IoQueueWorkItem',
'IoFreeWorkItem',
'IoCreateDevice',
'IoDeleteDevice',
'ObfDereferenceObject',
'RtlInitUnicodeString',
'ZwReadFile',
'RtlCompareUnicodeString',
'IoAttachDeviceToDeviceStackSafe',
'ExInitializeNPagedLookasideList',
'ExFreePoolWithTag',
'ExpInterlockedPopEntrySList',
'IoAllocateWorkItem',
'__C_specific_handler',
'FltObjectDereference',
'FltStartFiltering',
'FltGetVolumeFromDeviceObject',
'FltReleaseFileNameInformation',
'FltCreateCommunicationPort',
'FltRegisterFilter',
'FltBuildDefaultSecurityDescriptor',
'FltEnumerateVolumes',
'FltGetVolumeName',
'FltCloseCommunicationPort',
'FltCloseClientPort',
'FltUnregisterFilter',
'FltCancelFileOpen',
'FltGetBottomInstance',
'FltGetFileNameInformation',
'FltGetVolumeFromName',
'FltClose',
'FltAttachVolume',
'FltCreateFile',
'FltSendMessage',
'FltFreeSecurityDescriptor',
'FltGetDeviceObject'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 52,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 3072,
'INIT\x00\x00\x00\x00': 3072,
'PAGE\x00\x00\x00\x00': 8192},
'StackReserveSize': 262144,
'filename': './data/malware/1a05660630ee0995f558cd0419117e4bc736cf954f5b703ebb3e986f9cf762fb'},
'1a13ebe7147dd568d37ad11663af8ea86c8e706c7e1119eaf7f5bcf7915d8ba1': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/1a13ebe7147dd568d37ad11663af8ea86c8e706c7e1119eaf7f5bcf7915d8ba1'},
'1ab0d7ae73c5f0696f786efb93e8957b78b7c5195573aa0dff770b7e7794f4c3': {'AddressOfEntryPoint': 10172,
'DebugRVA': 13920,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 27136,
'ExportSize': 107,
'IATRVA': 16384,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'API-MS-Win-Core-ErrorHandling-L1-1-0.dll': 'SetErrorMode',
'API-MS-Win-Core-Handle-L1-1-0.dll': 'CloseHandle',
'API-MS-Win-Core-LibraryLoader-L1-1-0.dll': 'GetModuleHandleW',
'API-MS-Win-Core-LocalRegistry-L1-1-0.dll': 'RegQueryValueExW',
'API-MS-Win-Core-Misc-L1-1-0.dll': 'Sleep',
'API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll': 'GetEnvironmentVariableW',
'API-MS-Win-Core-ProcessThreads-L1-1-0.dll': 'TerminateProcess',
'API-MS-Win-Core-Profile-L1-1-0.dll': 'QueryPerformanceCounter',
'API-MS-Win-Core-Synch-L1-1-0.dll': 'OpenEventW',
'API-MS-Win-Core-SysInfo-L1-1-0.dll': 'GetTickCount',
'API-MS-Win-Security-Base-L1-1-0.dll': 'GetTokenInformation',
'RPCRT4.dll': 'RpcServerUseProtseqEpW',
'SspiSrv.dll': 'SspiSrvClientCallback',
'msvcrt.dll': '_vsnprintf_s',
'ntdll.dll': 'RtlCaptureContext'},
'ImportedFunctions': ['__setusermatherr',
'_amsg_exit',
'_initterm',
'memcpy',
'exit',
'_commode',
'_fmode',
'?terminate@@YAXXZ',
'memset',
'__set_app_type',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'strcpy_s',
'_vsnprintf_s',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'NtListenPort',
'NtAcceptConnectPort',
'NtRequestWaitReplyPort',
'NtConnectPort',
'NtReplyWaitReceivePort',
'NtCreatePort',
'NtCompleteConnectPort',
'NtSetSecurityObject',
'RtlInitializeSid',
'RtlAllocateHeap',
'NtOpenEvent',
'RtlFreeHeap',
'RtlLengthRequiredSid',
'RtlSubAuthoritySid',
'RtlNtStatusToDosError',
'RtlSetOwnerSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlLengthSid',
'NtOpenFile',
'RtlAllocateAndInitializeSid',
'RtlMakeSelfRelativeSD',
'NtSetInformationProcess',
'RtlSetSaclSecurityDescriptor',
'RtlAddAccessAllowedAce',
'RtlUnhandledExceptionFilter',
'NtSetInformationFile',
'RtlInitUnicodeString',
'RtlSetDaclSecurityDescriptor',
'RtlCreateAcl',
'NtDeviceIoControlFile',
'RtlSetProcessIsCritical',
'RtlAddMandatoryAce',
'DbgPrintEx',
'RtlCaptureContext',
'I_RpcMapWin32Status',
'RpcServerRegisterIf2',
'NdrServerCallAll',
'NdrServerCall2',
'RpcServerListen',
'RpcServerUseProtseqEpW',
'SspiSrvInitialize',
'SspiSrvClientCallback',
'UnhandledExceptionFilter',
'SetLastError',
'GetLastError',
'SetUnhandledExceptionFilter',
'SetErrorMode',
'CloseHandle',
'LoadLibraryExW',
'GetProcAddress',
'GetModuleHandleW',
'RegOpenKeyExW',
'RegCloseKey',
'RegQueryValueExW',
'LocalAlloc',
'LocalFree',
'Sleep',
'SetEnvironmentVariableW',
'GetEnvironmentVariableW',
'OpenProcessToken',
'GetCurrentProcess',
'ExitThread',
'CreateThread',
'GetCurrentThreadId',
'GetCurrentProcessId',
'TerminateProcess',
'QueryPerformanceCounter',
'SetEvent',
'CreateEventW',
'OpenEventW',
'GetSystemTimeAsFileTime',
'GetTickCount',
'GetTokenInformation'],
'LinkerVersion': 9,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 92,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1792,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 15360,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 10240},
'StackReserveSize': 524288,
'filename': './data/malware/1ab0d7ae73c5f0696f786efb93e8957b78b7c5195573aa0dff770b7e7794f4c3'},
'1ab3d22097fbfc9c63890d636c5f8fce86f90ccdd282be7c4cf302866e67b94c': {'AddressOfEntryPoint': 5360,
'DebugRVA': 8624,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetSystemTimeAsFileTime',
'MSVCR90.dll': '__set_app_type',
'USER32.dll': 'wsprintfA'},
'ImportedFunctions': ['FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetVersionExA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'Sleep',
'GetSystemTimeAsFileTime',
'wsprintfA',
'__setusermatherr',
'_commode',
'_fmode',
'_encode_pointer',
'_configthreadlocale',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'_initterm_e',
'_initterm',
'__initenv',
'exit',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_amsg_exit',
'memset',
'__set_app_type'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 43,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 1644,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 3072},
'StackReserveSize': 1048576,
'filename': './data/malware/1ab3d22097fbfc9c63890d636c5f8fce86f90ccdd282be7c4cf302866e67b94c'},
'1af7a96895ba3064b40323b07f79fe279c9db72a71ea43b321e480f03073b01d': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 600516,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 488448,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/1af7a96895ba3064b40323b07f79fe279c9db72a71ea43b321e480f03073b01d'},
'1af8e45337900146089a025fb0f0c45a2738841dcbb547a85212d202e550672d': {'AddressOfEntryPoint': 72960,
'DebugRVA': 79696,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 77824,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CryptDeriveKey',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GlobalUnlock',
'SHELL32.dll': 'SHBrowseForFolderA',
'USER32.dll': 'GetDlgItemInt',
'comdlg32.dll': 'GetSaveFileNameA',
'msvcrt.dll': 'sprintf',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['_initterm',
'__getmainargs',
'_acmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'_onexit',
'__dllonexit',
'_purecall',
'qsort',
'_strlwr',
'strcmp',
'_memicmp',
'strchr',
'strrchr',
'_strcmpi',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'malloc',
'free',
'strtoul',
'atoi',
'_snprintf',
'wcscpy',
'wcschr',
'wcsncmp',
'memcmp',
'??2@YAPEAX_K@Z',
'??3@YAXPEAX@Z',
'_strnicmp',
'wcslen',
'_mbsicmp',
'_mbscmp',
'log',
'strlen',
'memcpy',
'abs',
'strcpy',
'memset',
'_itoa',
'strcat',
'strncat',
'sprintf',
'ImageList_AddMasked',
'ImageList_Create',
'CreateToolbarEx',
'ImageList_SetImageCount',
'ImageList_ReplaceIcon',
'GetCurrentProcess',
'ExitProcess',
'GetCurrentProcessId',
'DeleteFileA',
'WritePrivateProfileStringA',
'GetPrivateProfileStringA',
'GetPrivateProfileIntA',
'EnumResourceNamesA',
'WriteFile',
'CreateRemoteThread',
'EnumResourceTypesA',
'SizeofResource',
'GetStartupInfoA',
'WideCharToMultiByte',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CompareFileTime',
'FileTimeToLocalFileTime',
'CloseHandle',
'GetFileSize',
'LocalFree',
'VirtualAllocEx',
'WriteProcessMemory',
'ResumeThread',
'OpenProcess',
'VirtualFreeEx',
'ReadProcessMemory',
'WaitForSingleObject',
'GetModuleHandleA',
'GetLastError',
'LocalAlloc',
'FileTimeToSystemTime',
'LoadLibraryExA',
'FindFirstFileA',
'GlobalAlloc',
'LoadResource',
'GetTempFileNameA',
'GetFileAttributesA',
'FindClose',
'GetVersionExA',
'GlobalLock',
'GetTimeFormatA',
'GetTempPathA',
'ReadFile',
'LockResource',
'GetSystemDirectoryA',
'FormatMessageA',
'MultiByteToWideChar',
'GetModuleFileNameA',
'CreateFileA',
'GetWindowsDirectoryA',
'FindNextFileA',
'FindResourceA',
'GetDateFormatA',
'GlobalUnlock',
'RegisterWindowMessageA',
'GetMessageA',
'DrawTextExA',
'IsDialogMessageA',
'GetSysColorBrush',
'ShowWindow',
'ChildWindowFromPoint',
'SetCursor',
'LoadCursorA',
'MessageBoxA',
'DispatchMessageA',
'EndDialog',
'GetDlgItem',
'CreateWindowExA',
'InvalidateRect',
'SetDlgItemInt',
'GetClientRect',
'SetDlgItemTextA',
'GetDlgItemTextA',
'SetWindowTextA',
'GetSystemMetrics',
'DeferWindowPos',
'SendDlgItemMessageA',
'GetWindowRect',
'DefWindowProcA',
'TranslateAcceleratorA',
'GetWindowPlacement',
'SendMessageA',
'RegisterClassA',
'UpdateWindow',
'PostMessageA',
'SetMenu',
'LoadAcceleratorsA',
'SetWindowPos',
'LoadIconA',
'LoadImageA',
'GetWindowLongA',
'SetWindowLongA',
'SetFocus',
'SetClipboardData',
'EnableWindow',
'EmptyClipboard',
'MapWindowPoints',
'EnableMenuItem',
'ReleaseDC',
'OpenClipboard',
'GetClassNameA',
'CloseClipboard',
'GetMenuItemCount',
'GetSubMenu',
'GetMenuStringA',
'GetMenu',
'GetCursorPos',
'MoveWindow',
'GetDC',
'GetSysColor',
'CheckMenuItem',
'DestroyMenu',
'CreateDialogParamA',
'DestroyWindow',
'EnumChildWindows',
'GetMenuItemInfoA',
'GetWindowTextA',
'LoadMenuA',
'GetParent',
'ModifyMenuA',
'LoadStringA',
'DialogBoxParamA',
'GetDlgCtrlID',
'EndDeferWindowPos',
'GetFocus',
'BeginDeferWindowPos',
'TrackPopupMenu',
'PostQuitMessage',
'TranslateMessage',
'GetDlgItemInt',
'GetTextExtentPoint32A',
'SetBkColor',
'GetStockObject',
'SelectObject',
'GetDeviceCaps',
'SetTextColor',
'CreateFontIndirectA',
'SetBkMode',
'DeleteObject',
'FindTextA',
'GetSaveFileNameA',
'CryptDecrypt',
'CryptCreateHash',
'CryptReleaseContext',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptHashData',
'CryptAcquireContextA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegDeleteKeyA',
'CryptDeriveKey',
'SHGetPathFromIDListA',
'SHGetMalloc',
'ShellExecuteA',
'SHBrowseForFolderA',
'CoInitialize',
'CoUninitialize'],
'LinkerVersion': 8,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 214,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 16292,
'SectionNames': {'.data\x00\x00\x00': 3072,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 15360,
'.rsrc\x00\x00\x00': 16384,
'.text\x00\x00\x00': 70144},
'StackReserveSize': 1048576,
'filename': './data/malware/1af8e45337900146089a025fb0f0c45a2738841dcbb547a85212d202e550672d'},
'1b0827e93dfec06d54b8504a3e5d9c73f227e24d7b5481e5435e09cacb391f6d': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 9660,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 9728,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/1b0827e93dfec06d54b8504a3e5d9c73f227e24d7b5481e5435e09cacb391f6d'},
'1b0cfdff377f1ddae9a3f21461df10d138bf248cfc9703bf2929bb3b8640c345': {'AddressOfEntryPoint': 769184,
'DebugRVA': 985648,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 1200384,
'ExportSize': 251,
'IATRVA': 983040,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetTokenInformation',
'KERNEL32.dll': 'LocalAlloc',
'PSAPI.DLL': 'QueryWorkingSet',
'SHELL32.dll': 'SHGetFolderPathW',
'SHLWAPI.dll': 'PathRemoveFileSpecW',
'USER32.dll': 'CharUpperW',
'USERENV.dll': 'DestroyEnvironmentBlock',
'VERSION.dll': 'VerQueryValueW',
'WINMM.dll': 'timeBeginPeriod'},
'ImportedFunctions': ['GetUserDefaultUILanguage',
'TerminateProcess',
'GetCurrentProcess',
'GetTickCount',
'EnterCriticalSection',
'LeaveCriticalSection',
'SetInformationJobObject',
'WaitForSingleObject',
'SetLastError',
'GetLastError',
'InitializeCriticalSection',
'TerminateJobObject',
'SetEvent',
'GetQueuedCompletionStatus',
'ResetEvent',
'DuplicateHandle',
'GetCurrentThreadId',
'CreateThread',
'CreateEventW',
'CreateIoCompletionPort',
'DeleteCriticalSection',
'PostQueuedCompletionStatus',
'ResumeThread',
'SignalObjectAndWait',
'FreeLibrary',
'LoadLibraryW',
'WriteProcessMemory',
'MapViewOfFile',
'CreateFileMappingW',
'GetExitCodeProcess',
'GetThreadContext',
'AssignProcessToJobObject',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'CreateJobObjectW',
'CreateMutexW',
'GetCurrentProcessId',
'GetModuleHandleW',
'VirtualFreeEx',
'VirtualAllocEx',
'VirtualProtectEx',
'CreateNamedPipeW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'lstrlenW',
'WideCharToMultiByte',
'VirtualQuery',
'ReadProcessMemory',
'GetLongPathNameW',
'GetFileAttributesW',
'CreateFileW',
'QueryDosDeviceW',
'GetCurrentDirectoryW',
'ReleaseMutex',
'DeleteFileW',
'SetFilePointer',
'WriteFile',
'OutputDebugStringA',
'FormatMessageA',
'MultiByteToWideChar',
'RtlCaptureStackBackTrace',
'ExpandEnvironmentStringsW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetFileTime',
'UnmapViewOfFile',
'CompareFileTime',
'MoveFileExW',
'ReplaceFileW',
'CopyFileW',
'GetFileAttributesExW',
'RemoveDirectoryW',
'FindClose',
'CreateDirectoryW',
'FindNextFileW',
'FindFirstFileW',
'GetLogicalDriveStringsW',
'GetTempFileNameW',
'GetFileSize',
'ReadFile',
'VirtualFree',
'VirtualAlloc',
'SetEnvironmentVariableW',
'GetNativeSystemInfo',
'GetVersionExW',
'GetStdHandle',
'AllocConsole',
'AttachConsole',
'OpenProcess',
'CreateToolhelp32Snapshot',
'GetProcessIoCounters',
'VirtualQueryEx',
'HeapSetInformation',
'SetPriorityClass',
'Process32NextW',
'Process32FirstW',
'GetProcessHeaps',
'GetProcessId',
'GetProcessTimes',
'GetSystemTimeAsFileTime',
'GetSystemInfo',
'SetHandleInformation',
'CreatePipe',
'RaiseException',
'IsDebuggerPresent',
'InitializeCriticalSectionAndSpinCount',
'TryEnterCriticalSection',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'SetEndOfFile',
'SetFilePointerEx',
'FlushFileBuffers',
'SetFileTime',
'GetFileInformationByHandle',
'GetCurrentThread',
'GetDiskFreeSpaceExW',
'GlobalMemoryStatusEx',
'GetSystemDirectoryW',
'GetWindowsDirectoryW',
'ReleaseSemaphore',
'CreateSemaphoreW',
'WaitNamedPipeW',
'WaitForMultipleObjects',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'GetDateFormatW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'GetStartupInfoW',
'HeapFree',
'GetConsoleCP',
'GetConsoleMode',
'GetFullPathNameW',
'SetStdHandle',
'GetFileType',
'HeapReAlloc',
'HeapAlloc',
'GetProcessHeap',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'GetModuleFileNameA',
'EncodePointer',
'DecodePointer',
'TlsAlloc',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapCreate',
'HeapDestroy',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'SetConsoleCtrlHandler',
'GetTimeZoneInformation',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'FatalAppExitA',
'LoadLibraryA',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'GetDateFormatA',
'GetTimeFormatA',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'GetLocaleInfoW',
'CreateFileA',
'GetCurrentDirectoryA',
'SetCurrentDirectoryA',
'GetDriveTypeA',
'GetFullPathNameA',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'QueueUserWorkItem',
'GetTempPathW',
'LocalFree',
'CreateProcessW',
'CloseHandle',
'SetUnhandledExceptionFilter',
'ExitProcess',
'Sleep',
'GetCommandLineW',
'SetCurrentDirectoryW',
'LoadLibraryExW',
'GetEnvironmentVariableW',
'GetModuleFileNameW',
'GetModuleHandleA',
'GetUserDefaultLangID',
'GetProcAddress',
'LocalAlloc',
'WaitForInputIdle',
'MessageBoxW',
'wsprintfW',
'SystemParametersInfoW',
'GetKeyState',
'GetSystemMetrics',
'GetDesktopWindow',
'CloseWindowStation',
'CloseDesktop',
'UserHandleGrantAccess',
'CreateWindowStationW',
'GetProcessWindowStation',
'CreateDesktopW',
'SetProcessWindowStation',
'GetThreadDesktop',
'GetUserObjectInformationW',
'CharUpperW',
'ShellExecuteExW',
'SHChangeNotify',
'SHFileOperationW',
'ShellExecuteW',
'CommandLineToArgvW',
'SHGetFolderPathW',
'SHDeleteEmptyKeyW',
'UrlCanonicalizeW',
'SHStrDupW',
'SHDeleteKeyW',
'PathFileExistsW',
'PathRemoveFileSpecW',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'timeEndPeriod',
'timeGetTime',
'timeBeginPeriod',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'GetMappedFileNameW',
'GetProcessMemoryInfo',
'QueryWorkingSet',
'RegCloseKey',
'RegDisablePredefinedCache',
'RevertToSelf',
'SetSecurityInfo',
'GetSecurityDescriptorSacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetTokenInformation',
'GetLengthSid',
'ConvertStringSidToSidW',
'OpenProcessToken',
'SetThreadToken',
'CreateProcessAsUserW',
'CreateRestrictedToken',
'DuplicateTokenEx',
'DuplicateToken',
'RegOpenKeyExW',
'EqualSid',
'TraceEvent',
'UnregisterTraceGuids',
'RegisterTraceGuidsW',
'GetTraceLoggerHandle',
'GetTraceEnableFlags',
'GetTraceEnableLevel',
'GetSidSubAuthorityCount',
'GetSidSubAuthority',
'ConvertSidToStringSidW',
'RegNotifyChangeKeyValue',
'RegSetValueExW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegEnumValueW',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'RegCreateKeyExW',
'SetEntriesInAclW',
'GetSecurityInfo',
'CreateWellKnownSid',
'CopySid',
'LookupPrivilegeValueW',
'GetTokenInformation'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 291,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 176168,
'SectionNames': {'.data\x00\x00\x00': 10240,
'.pdata\x00\x00': 69632,
'.rdata\x00\x00': 217600,
'.reloc\x00\x00': 6656,
'.rsrc\x00\x00\x00': 176640,
'.text\x00\x00\x00': 978944,
'data\x00\x00\x00\x00': 8704,
'text\x00\x00\x00\x00': 1536},
'StackReserveSize': 1048576,
'filename': './data/malware/1b0cfdff377f1ddae9a3f21461df10d138bf248cfc9703bf2929bb3b8640c345'},
'1b50d0858bb5662ccd46881a856bf7cb9be2fca6eacf4ae675e741a5c4966be9': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 339820,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 339968,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/1b50d0858bb5662ccd46881a856bf7cb9be2fca6eacf4ae675e741a5c4966be9'},
'1b5621c68261f4f97e9852f8f2799e00c9694865f488c40223abf9ebdfed37ed': {'AddressOfEntryPoint': 1074040274,
'DebugRVA': 25312,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumKeyA',
'KERNEL32.dll': 'GetModuleFileNameA',
'jli.dll': 'JLI_MemFree',
'msvcrt.dll': '_strnicmp'},
'ImportedFunctions': ['JLI_ExactVersionId',
'JLI_JarUnpackFile',
'JLI_StringDup',
'JLI_ParseManifest',
'JLI_ValidVersionString',
'JLI_AcceptableRelease',
'JLI_FreeManifest',
'JLI_MemAlloc',
'JLI_MemFree',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'RegEnumKeyA',
'_beginthreadex',
'_putenv',
'__C_specific_handler',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'__initenv',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'fflush',
'_errno',
'strerror',
'strchr',
'fgets',
'strcspn',
'strspn',
'strrchr',
'fopen',
'fwrite',
'fread',
'fclose',
'_iob',
'fprintf',
'memset',
'getenv',
'strcmp',
'exit',
'strcpy',
'strcat',
'printf',
'sprintf',
'memcpy',
'strncmp',
'sscanf',
'strlen',
'_access',
'_stat',
'_strnicmp',
'GetLastError',
'CloseHandle',
'FormatMessageA',
'WaitForSingleObject',
'CreateProcessA',
'LocalFree',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'GetExitCodeProcess',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'LoadLibraryA',
'GetProcAddress',
'GetExitCodeThread',
'FreeLibrary',
'GetCommandLineA',
'GetModuleFileNameA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 82,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 2008,
'StackReserveSize': 1048576,
'filename': './data/malware/1b5621c68261f4f97e9852f8f2799e00c9694865f488c40223abf9ebdfed37ed'},
'1ba4df646c590d5a0595ed0f33e764e79535ccc5335057827214c716cd2a982d': {'AddressOfEntryPoint': 65636,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': 'ExAllocatePoolWithTag'},
'ImportedFunctions': ['ExFreePoolWithTag',
'RtlUpperChar',
'IoAttachDevice',
'KeBugCheckEx',
'ExAllocatePoolWithTag'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 5,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 8704,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 512,
'.text\x00\x00\x00': 34304,
'INIT\x00\x00\x00\x00': 512},
'StackReserveSize': 262144,
'filename': './data/malware/1ba4df646c590d5a0595ed0f33e764e79535ccc5335057827214c716cd2a982d'},
'1baa26354e41f811119b4c61a64d156d3c05f7b60f97976110fff40db3e24121': {'AddressOfEntryPoint': 5008,
'DebugRVA': 4160,
'DebugSize': 28,
'Dll': 49504,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 11,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 3226840,
'SectionNames': {'.data\x00\x00\x00': 512,
'.idata\x00\x00': 2048,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 3227136,
'.text\x00\x00\x00': 8192},
'StackReserveSize': 524288,
'filename': './data/malware/1baa26354e41f811119b4c61a64d156d3c05f7b60f97976110fff40db3e24121'},
'1c14ade9d37a71d33dfb45c7d72f9f4b6a6ac3be425d723b4272b5cbe1ac735c': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3484,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/1c14ade9d37a71d33dfb45c7d72f9f4b6a6ac3be425d723b4272b5cbe1ac735c'},
'1c22680620514ba964277970ef4f2337cba95f2ee888ce2ba7fcc79696ceaf85': {'AddressOfEntryPoint': 231175,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 77824,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExA',
'KERNEL32.dll': 'GetSystemInfo',
'USER32.dll': 'LoadIconA'},
'ImportedFunctions': ['lstrcpyA',
'lstrcpynA',
'CreateProcessA',
'VirtualQuery',
'CloseHandle',
'GetExitCodeProcess',
'DeleteCriticalSection',
'EnterCriticalSection',
'Sleep',
'InitializeCriticalSection',
'LeaveCriticalSection',
'MultiByteToWideChar',
'GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'HeapSize',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapCreate',
'FlushFileBuffers',
'SetFilePointer',
'SetUnhandledExceptionFilter',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'LCMapStringA',
'LCMapStringW',
'GetACP',
'GetOEMCP',
'HeapReAlloc',
'LoadLibraryA',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'SetStdHandle',
'ReadFile',
'VirtualProtect',
'GetSystemInfo',
'MsgWaitForMultipleObjects',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA',
'LoadIconA',
'RegQueryValueExA',
'RegOpenKeyExA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 72,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 43784,
'SectionNames': {'.data\x00\x00\x00': 5632,
'.pdata\x00\x00': 5632,
'.rdata\x00\x00': 24576,
'.rsrc\x00\x00\x00': 71680,
'.text\x00\x00\x00': 73728,
'atqsigf\x00': 0,
'tubjntj\x00': 31232},
'StackReserveSize': 1048576,
'filename': './data/malware/1c22680620514ba964277970ef4f2337cba95f2ee888ce2ba7fcc79696ceaf85'},
'1c3d5f48f9abdb8bc3ef5cb84c8652ca1516bdd7c78d3fc972adcedad55df69d': {'AddressOfEntryPoint': 125112,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 598016,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'LogonUserW',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetBkMode',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocDescriptorEx',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'DestroyWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'VerQueryValueW',
'WININET.dll': 'InternetReadFile',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['WSACleanup',
'ntohs',
'recvfrom',
'sendto',
'htons',
'ioctlsocket',
'listen',
'bind',
'WSAStartup',
'closesocket',
'connect',
'socket',
'send',
'WSAGetLastError',
'select',
'accept',
'__WSAFDIsSet',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetSetOptionW',
'InternetCloseHandle',
'InternetOpenUrlW',
'InternetConnectW',
'FtpOpenFileW',
'HttpQueryInfoW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpGetFileSize',
'InternetCrackUrlW',
'InternetOpenW',
'InternetReadFile',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'UnloadUserProfile',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'GetVersionExW',
'GetSystemInfo',
'GetModuleHandleW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'GetProcessHeap',
'CreatePipe',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleFileNameA',
'RtlUnwindEx',
'InitializeCriticalSectionAndSpinCount',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'FlushFileBuffers',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'LCMapStringA',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'GetStdHandle',
'SetEnvironmentVariableA',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'GetClipboardData',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'IsCharUpperW',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'GetDC',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'EndPaint',
'BeginPaint',
'GetMenu',
'GetClientRect',
'CopyRect',
'CharUpperBuffW',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'SendMessageTimeoutW',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'EnumChildWindows',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursor',
'WindowFromPoint',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'EnumThreadWindows',
'ReleaseDC',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'FindWindowW',
'CloseClipboard',
'DestroyWindow',
'RoundRect',
'DeleteObject',
'CreateCompatibleDC',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CreateDIBSection',
'SelectObject',
'BitBlt',
'GetDIBits',
'DeleteDC',
'CloseFigure',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'SetBkMode',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'SetSecurityDescriptorDacl',
'AddAce',
'GetAce',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'GetAclInformation',
'CopySid',
'GetTokenInformation',
'GetSecurityDescriptorDacl',
'LogonUserW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'SafeArrayAllocData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetVartype',
'OleLoadPicture',
'SysAllocString',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'VarR8FromDec',
'SafeArrayAllocDescriptorEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 506,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 16216,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 25600,
'.rdata\x00\x00': 86528,
'.rsrc\x00\x00\x00': 16384,
'.text\x00\x00\x00': 590848},
'StackReserveSize': 4194304,
'filename': './data/malware/1c3d5f48f9abdb8bc3ef5cb84c8652ca1516bdd7c78d3fc972adcedad55df69d'},
'1c4b22b2601bb190b754c12e45dbe9413dfc98ecfe632b0e187da35954236d92': {'AddressOfEntryPoint': 359424,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 305568,
'ExportSize': 2012,
'IATRVA': 249856,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetStringTypeW',
'USER32.dll': 'CharToOemA',
'WSOCK32.dll': 'accept'},
'ImportedFunctions': ['ioctlsocket',
'gethostbyname',
'htons',
'connect',
'setsockopt',
'select',
'WSAGetLastError',
'recvfrom',
'sendto',
'WSAStartup',
'WSACleanup',
'closesocket',
'socket',
'bind',
'listen',
'accept',
'CharToOemA',
'HeapFree',
'DuplicateHandle',
'CreateDirectoryA',
'WaitForSingleObject',
'GetExitCodeProcess',
'VirtualQuery',
'VirtualAlloc',
'VirtualProtect',
'SetEndOfFile',
'SetStdHandle',
'GetTimeZoneInformation',
'GetLocaleInfoA',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateFileA',
'GetLocalTime',
'GetCurrentProcessId',
'GetVersionExA',
'FlushInstructionCache',
'VirtualProtectEx',
'ReadProcessMemory',
'WriteProcessMemory',
'SuspendThread',
'ResumeThread',
'DebugActiveProcess',
'ContinueDebugEvent',
'SetThreadContext',
'GetThreadContext',
'TerminateProcess',
'GetThreadSelectorEntry',
'GetModuleHandleA',
'WaitForDebugEvent',
'SetEvent',
'VirtualQueryEx',
'GetSystemInfo',
'CreateProcessA',
'GetStartupInfoA',
'QueryDosDeviceA',
'GetLogicalDriveStringsA',
'GetCurrentDirectoryA',
'GetSystemDirectoryA',
'WideCharToMultiByte',
'FormatMessageA',
'GetTempPathA',
'GetFullPathNameA',
'GetFileAttributesA',
'GetTickCount',
'Sleep',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'SetConsoleCtrlHandler',
'RaiseException',
'RtlPcToFileHeader',
'FindClose',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'FindFirstFileA',
'GetCommandLineA',
'SetEnvironmentVariableW',
'HeapAlloc',
'GetProcessHeap',
'EnterCriticalSection',
'LeaveCriticalSection',
'HeapReAlloc',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'RtlCaptureContext',
'TlsAlloc',
'SetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'DeleteCriticalSection',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'HeapSize',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'MultiByteToWideChar',
'ReadFile',
'GetConsoleCP',
'SetFilePointer',
'LCMapStringA',
'LCMapStringW',
'FlushFileBuffers',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'InitializeCriticalSection',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'GetStringTypeA',
'GetStringTypeW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 129,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 7680,
'.pdata\x00\x00': 21504,
'.rdata\x00\x00': 57856,
'.text\x00\x00\x00': 245760},
'StackReserveSize': 1048576,
'filename': './data/malware/1c4b22b2601bb190b754c12e45dbe9413dfc98ecfe632b0e187da35954236d92'},
'1cbf329b143a0932064dc1ade7da9657fa218779dc99b140be6a986e17a09e11': {'AddressOfEntryPoint': 330024,
'DebugRVA': 452544,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 556704,
'ExportSize': 251,
'IATRVA': 450560,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CopySid',
'KERNEL32.dll': 'RaiseException',
'SHELL32.dll': 'SHGetFolderPathW',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'CharUpperW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINMM.dll': 'timeGetTime'},
'ImportedFunctions': ['PathRemoveFileSpecW',
'PathFileExistsW',
'GetTickCount',
'TerminateProcess',
'GetCurrentProcess',
'EnterCriticalSection',
'LeaveCriticalSection',
'SetInformationJobObject',
'WaitForSingleObject',
'SetLastError',
'GetLastError',
'InitializeCriticalSection',
'TerminateJobObject',
'SetEvent',
'GetQueuedCompletionStatus',
'ResetEvent',
'DuplicateHandle',
'GetCurrentThreadId',
'CreateThread',
'CreateEventW',
'CreateIoCompletionPort',
'DeleteCriticalSection',
'PostQueuedCompletionStatus',
'SignalObjectAndWait',
'SetHandleInformation',
'GetProcessHandleCount',
'VirtualFree',
'FreeLibrary',
'LoadLibraryW',
'WriteProcessMemory',
'MapViewOfFile',
'CreateFileMappingW',
'GetExitCodeProcess',
'GetThreadContext',
'AssignProcessToJobObject',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'VirtualFreeEx',
'VirtualAllocEx',
'VirtualProtectEx',
'GetLongPathNameW',
'GetFileAttributesW',
'GetModuleHandleW',
'CreateFileW',
'QueryDosDeviceW',
'CreateJobObjectW',
'CreateMutexW',
'GetCurrentProcessId',
'CreateNamedPipeW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'lstrlenW',
'WideCharToMultiByte',
'VirtualQuery',
'ReadProcessMemory',
'GetCurrentDirectoryW',
'ReleaseMutex',
'SetFilePointer',
'WriteFile',
'OutputDebugStringA',
'FormatMessageA',
'ExpandEnvironmentStringsW',
'ReadFile',
'VirtualAlloc',
'SetEnvironmentVariableW',
'MultiByteToWideChar',
'GetUserDefaultLangID',
'GetNativeSystemInfo',
'GetVersionExW',
'GetUserDefaultUILanguage',
'IsDebuggerPresent',
'InitializeCriticalSectionAndSpinCount',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'QueryPerformanceFrequency',
'FlushFileBuffers',
'RtlCaptureStackBackTrace',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'TlsAlloc',
'GetStdHandle',
'HeapSetInformation',
'ReleaseSemaphore',
'CreateSemaphoreW',
'WaitNamedPipeW',
'WaitForMultipleObjects',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'GetStartupInfoW',
'HeapFree',
'GetConsoleCP',
'GetConsoleMode',
'HeapAlloc',
'SetStdHandle',
'GetFileType',
'HeapReAlloc',
'GetCPInfo',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetModuleFileNameA',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapCreate',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'LoadLibraryA',
'GetStringTypeA',
'GetStringTypeW',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'GetLocaleInfoW',
'CreateFileA',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'QueueUserWorkItem',
'GetTempPathW',
'LocalFree',
'GetCommandLineW',
'CreateProcessW',
'CloseHandle',
'SetUnhandledExceptionFilter',
'ExitProcess',
'Sleep',
'GetModuleHandleA',
'GetProcAddress',
'SetCurrentDirectoryW',
'LoadLibraryExW',
'GetEnvironmentVariableW',
'GetModuleFileNameW',
'GetSystemDirectoryW',
'GetWindowsDirectoryW',
'RaiseException',
'CloseDesktop',
'CloseWindowStation',
'CreateWindowStationW',
'GetProcessWindowStation',
'CreateDesktopW',
'SetProcessWindowStation',
'GetThreadDesktop',
'GetUserObjectInformationW',
'MessageBoxW',
'CharUpperW',
'CommandLineToArgvW',
'SHGetFolderPathW',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'RegCloseKey',
'RegDisablePredefinedCache',
'RevertToSelf',
'SetSecurityInfo',
'GetSecurityDescriptorSacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetTokenInformation',
'GetLengthSid',
'ConvertStringSidToSidW',
'OpenProcessToken',
'SetThreadToken',
'CreateProcessAsUserW',
'RegCreateKeyExW',
'CreateRestrictedToken',
'DuplicateTokenEx',
'DuplicateToken',
'EqualSid',
'GetTokenInformation',
'LookupPrivilegeValueW',
'RegOpenKeyExW',
'TraceEvent',
'UnregisterTraceGuids',
'RegisterTraceGuidsW',
'GetTraceLoggerHandle',
'GetTraceEnableFlags',
'GetTraceEnableLevel',
'ConvertSidToStringSidW',
'RegSetValueExW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'SetEntriesInAclW',
'GetSecurityInfo',
'CreateWellKnownSid',
'CopySid'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 213,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 2004,
'SectionNames': {'.data\x00\x00\x00': 10752,
'.pdata\x00\x00': 27136,
'.rdata\x00\x00': 106496,
'.reloc\x00\x00': 4608,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 442880,
'data\x00\x00\x00\x00': 8704,
'text\x00\x00\x00\x00': 1536},
'StackReserveSize': 1048576,
'filename': './data/malware/1cbf329b143a0932064dc1ade7da9657fa218779dc99b140be6a986e17a09e11'},
'1d26329a19713971dd82b2a3e5e3deb38df996095365e09d68ec71596ec4a1dc': {'AddressOfEntryPoint': 41871,
'DebugRVA': 8528,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 486539264,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetCurrentProcessId',
'MSVCR80.dll': '__setusermatherr',
'python26.dll': 'Py_Main'},
'ImportedFunctions': ['Py_Main',
'_exit',
'_ismbblead',
'_cexit',
'exit',
'_acmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'_XcptFilter',
'_commode',
'_fmode',
'_encode_pointer',
'__set_app_type',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'__C_specific_handler',
'__getmainargs',
'_amsg_exit',
'__argv',
'__argc',
'__setusermatherr',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GetStartupInfoA',
'Sleep',
'GetCurrentProcessId'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 32,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 20636,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 48640,
'.text\x00\x00\x00': 2560},
'StackReserveSize': 2000000,
'filename': './data/malware/1d26329a19713971dd82b2a3e5e3deb38df996095365e09d68ec71596ec4a1dc'},
'1d278653e0cbe848bf17fe3f778cfa38e9a79a507a231b1ef76dd62fb69ac5f5': {'AddressOfEntryPoint': 1789960,
'DebugRVA': 1524288,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1523712,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 896,
'SectionNames': {'.aot\x00\x00\x00\x00': 47616,
'.data\x00\x00\x00': 53760,
'.pdata\x00\x00': 50688,
'.rdata\x00\x00': 153088,
'.reloc\x00\x00': 11776,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 1458688,
'INIT\x00\x00\x00\x00': 2560,
'init\x00\x00\x00\x00': 512,
'page\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/1d278653e0cbe848bf17fe3f778cfa38e9a79a507a231b1ef76dd62fb69ac5f5'},
'1d911f1eb16af290edad1219a45875f30693d6a36af322934cc597f0073f6457': {'AddressOfEntryPoint': 48472,
'DebugRVA': 87360,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 96768,
'ExportSize': 51,
'IATRVA': 86016,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'DeleteDC',
'KERNEL32.dll': 'DosDateTimeToFileTime',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHGetPathFromIDListW',
'SHLWAPI.dll': 'SHAutoComplete',
'USER32.dll': 'GetClientRect',
'ole32.dll': 'CLSIDFromString'},
'ImportedFunctions': ['InitCommonControlsEx',
'SHAutoComplete',
'DeleteFileW',
'DeleteFileA',
'CreateDirectoryA',
'CreateDirectoryW',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FindFirstFileW',
'GetTickCount',
'WideCharToMultiByte',
'GlobalAlloc',
'GetVersionExW',
'GetFullPathNameA',
'GetFullPathNameW',
'GetModuleFileNameW',
'FindResourceW',
'GetModuleHandleW',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'HeapReAlloc',
'CompareStringA',
'ExitProcess',
'GetLocaleInfoW',
'GetNumberFormatW',
'SetFileAttributesW',
'GetDateFormatW',
'GetTimeFormatW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'ExpandEnvironmentStringsW',
'WaitForSingleObject',
'Sleep',
'GetTempPathW',
'MoveFileExW',
'UnmapViewOfFile',
'GetCommandLineW',
'MapViewOfFile',
'CreateFileMappingW',
'SetEnvironmentVariableW',
'OpenFileMappingW',
'GetProcAddress',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetSystemTime',
'MultiByteToWideChar',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'SetCurrentDirectoryW',
'LoadLibraryW',
'FreeLibrary',
'SetFileAttributesA',
'GetFileAttributesW',
'GetFileAttributesA',
'WriteFile',
'GetStdHandle',
'ReadFile',
'CreateFileW',
'GetCurrentDirectoryW',
'CreateFileA',
'GetFileType',
'SetEndOfFile',
'SetFilePointer',
'MoveFileW',
'SetFileTime',
'CloseHandle',
'SetLastError',
'GetLastError',
'DosDateTimeToFileTime',
'wvsprintfA',
'wvsprintfW',
'ReleaseDC',
'GetDC',
'SendMessageW',
'SetDlgItemTextW',
'SetFocus',
'EndDialog',
'DestroyIcon',
'SendDlgItemMessageW',
'GetDlgItemTextW',
'GetClassNameW',
'DialogBoxParamW',
'IsWindowVisible',
'WaitForInputIdle',
'SetForegroundWindow',
'GetSysColor',
'PostMessageW',
'LoadBitmapW',
'LoadIconW',
'CharToOemA',
'OemToCharA',
'CharUpperA',
'GetParent',
'MapWindowPoints',
'CreateWindowExW',
'UpdateWindow',
'SetWindowTextW',
'LoadCursorW',
'RegisterClassExW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'DefWindowProcW',
'PeekMessageW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'DestroyWindow',
'CopyRect',
'IsWindow',
'CharToOemBuffW',
'MessageBoxW',
'ShowWindow',
'GetDlgItem',
'EnableWindow',
'OemToCharBuffA',
'CharToOemBuffA',
'LoadStringW',
'SetWindowPos',
'GetWindowTextW',
'GetSystemMetrics',
'GetWindow',
'GetWindowLongW',
'SetWindowLongW',
'CharUpperW',
'FindWindowExW',
'GetWindowRect',
'GetClientRect',
'GetDeviceCaps',
'GetObjectW',
'CreateCompatibleBitmap',
'SelectObject',
'StretchBlt',
'CreateCompatibleDC',
'DeleteObject',
'DeleteDC',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'SHChangeNotify',
'ShellExecuteExW',
'SHFileOperationW',
'SHGetFileInfoW',
'SHGetSpecialFolderLocation',
'SHGetMalloc',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'CreateStreamOnHGlobal',
'OleInitialize',
'CoCreateInstance',
'OleUninitialize',
'CLSIDFromString',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 158,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 88852,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 4096,
'.rdata\x00\x00': 11264,
'.rsrc\x00\x00\x00': 89088,
'.text\x00\x00\x00': 80384},
'StackReserveSize': 1048576,
'filename': './data/malware/1d911f1eb16af290edad1219a45875f30693d6a36af322934cc597f0073f6457'},
'1d94a265bb89f2f1155e2066c4585455f31dd0607772e930f04e9204e6889db6': {'AddressOfEntryPoint': 35132,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/1d94a265bb89f2f1155e2066c4585455f31dd0607772e930f04e9204e6889db6'},
'1e05bc15c50398089c5e2bebd15ddbc5c07e382e181041c575481a4f2a3f2e62': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 346856,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 630784,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/1e05bc15c50398089c5e2bebd15ddbc5c07e382e181041c575481a4f2a3f2e62'},
'1e70874eff6d7ca829968eca23f6c43478488d12442ba676227ad7a47cb9ba06': {'AddressOfEntryPoint': 484736,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 585728,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'COMCTL32.dll': 'ImageList_Remove',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetCancelConnection2W',
'OLEAUT32.dll': 'GetActiveObject',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'SetKeyboardState',
'VERSION.dll': 'VerQueryValueW',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'listen',
'comdlg32.dll': 'GetOpenFileNameW',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['__WSAFDIsSet',
'recv',
'send',
'socket',
'connect',
'closesocket',
'bind',
'select',
'accept',
'htons',
'sendto',
'recvfrom',
'ntohs',
'WSAGetLastError',
'ioctlsocket',
'WSACleanup',
'inet_addr',
'gethostbyname',
'WSAStartup',
'gethostname',
'listen',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'waveOutSetVolume',
'timeGetTime',
'mciSendStringW',
'ImageList_DragEnter',
'ImageList_BeginDrag',
'ImageList_SetDragCursorImage',
'ImageList_DragMove',
'ImageList_EndDrag',
'ImageList_DragLeave',
'ImageList_Destroy',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Remove',
'WNetUseConnectionW',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetCancelConnection2W',
'QueryPerformanceFrequency',
'UnmapViewOfFile',
'OpenProcess',
'CreateFileMappingW',
'MapViewOfFile',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'OutputDebugStringW',
'CreateDirectoryW',
'RemoveDirectoryW',
'TerminateProcess',
'SetSystemPowerState',
'SetFileTime',
'FindResourceW',
'GetFileAttributesW',
'LoadResource',
'FindFirstFileW',
'LockResource',
'FindClose',
'SizeofResource',
'EnumResourceNamesW',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'CreatePipe',
'GetStdHandle',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'FormatMessageW',
'GetExitCodeProcess',
'VirtualFree',
'GetDriveTypeW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'DeviceIoControl',
'SetErrorMode',
'QueryPerformanceCounter',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'SetFileAttributesW',
'GetPrivateProfileSectionNamesW',
'GetShortPathNameW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GlobalAlloc',
'SetProcessWorkingSetSize',
'GlobalMemoryStatus',
'Beep',
'GetEnvironmentVariableW',
'GetFileSize',
'SetEnvironmentVariableW',
'GlobalFree',
'GlobalLock',
'GlobalUnlock',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'GetStartupInfoW',
'GetVersionExA',
'ResumeThread',
'GetSystemTimeAsFileTime',
'ExitThread',
'ExitProcess',
'GetModuleHandleA',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'TlsSetValue',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'RtlUnwindEx',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetModuleHandleW',
'GetSystemInfo',
'GetVersionExW',
'GetCurrentThreadId',
'Sleep',
'HeapFree',
'CloseHandle',
'GetCurrentProcess',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'HeapAlloc',
'GetLastError',
'GetProcessHeap',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'SetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'SetEndOfFile',
'CompareStringA',
'GetPrivateProfileStringW',
'SetEnvironmentVariableA',
'PtInRect',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowTextLengthW',
'GetWindowDC',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSystemMetrics',
'SetWindowLongPtrW',
'CreateMenu',
'GetSysColor',
'IsDlgButtonChecked',
'GetActiveWindow',
'InflateRect',
'CharNextW',
'DrawFocusRect',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'CountClipboardFormats',
'CharLowerBuffW',
'UnregisterHotKey',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'FillRect',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'SystemParametersInfoW',
'IsCharLowerW',
'GetKeyState',
'keybd_event',
'GetCursor',
'GetKeyboardLayoutNameA',
'GetAsyncKeyState',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'DestroyWindow',
'GetMenu',
'GetClientRect',
'EndPaint',
'CopyRect',
'BeginPaint',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'EnumChildWindows',
'CharUpperBuffW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'DrawFrameControl',
'FrameRect',
'RedrawWindow',
'DrawTextW',
'wsprintfW',
'FlashWindow',
'SetWindowLongW',
'GetWindowLongW',
'IsZoomed',
'GetCaretPos',
'GetSubMenu',
'GetCursorPos',
'GetMenuStringW',
'SendMessageTimeoutW',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'MessageBoxW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'IsCharUpperW',
'GetKeyboardLayoutNameW',
'SetWindowPos',
'CopyImage',
'CloseClipboard',
'GetClipboardData',
'IsClipboardFormatAvailable',
'OpenClipboard',
'AdjustWindowRectEx',
'SetRect',
'ClientToScreen',
'RegisterHotKey',
'GetKeyboardState',
'ReleaseDC',
'MessageBoxA',
'RegisterWindowMessageW',
'DestroyIcon',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'GetDC',
'WindowFromPoint',
'SetClipboardData',
'VkKeyScanA',
'EmptyClipboard',
'SetKeyboardState',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CloseFigure',
'SetPixel',
'EndPath',
'StrokePath',
'StrokeAndFillPath',
'ExtCreatePen',
'PolyBezierTo',
'SetViewportOrgEx',
'Rectangle',
'GetObjectW',
'SetBkMode',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'DeleteDC',
'GetDIBits',
'BitBlt',
'SelectObject',
'CreateDIBSection',
'CreateCompatibleDC',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'GetTextExtentPoint32W',
'DeleteObject',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'SHFileOperationW',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'CoTaskMemAlloc',
'CoTaskMemFree',
'LoadRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayDestroyData',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VarR8FromDec',
'VariantTimeToSystemTime',
'VariantClear',
'VariantCopy',
'VariantInit',
'GetActiveObject'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 459,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 14092,
'SectionNames': {'.data\x00\x00\x00': 16896,
'.pdata\x00\x00': 19456,
'.rdata\x00\x00': 81920,
'.rsrc\x00\x00\x00': 14336,
'.text\x00\x00\x00': 580096},
'StackReserveSize': 4194304,
'filename': './data/malware/1e70874eff6d7ca829968eca23f6c43478488d12442ba676227ad7a47cb9ba06'},
'1ebebe4cf789d000f700d89be46dbbfc2b1edca283dc4e2e46eeb0a6d1133144': {'AddressOfEntryPoint': 1073973013,
'DebugRVA': 116080,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 114688,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryInfoKeyW',
'KERNEL32.dll': 'FreeEnvironmentStringsW',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'SHGetFileInfoW',
'SHLWAPI.dll': 'StrCatW',
'USER32.dll': 'LoadImageW',
'accelerometerDLL.dll': '?FindAccelerometerDevice@@YAEPEAPEAX@Z',
'ole32.dll': 'StringFromGUID2'},
'ImportedFunctions': ['?IsSoftwareEnabled@@YAKPEAXPEAE@Z',
'?RegisterForAccelerometerEnabledEvent@@YAPEAXPEAUHWND__@@PEAX@Z',
'?GetAccelerometerProperty@@YAKPEAXW4_ACCELEROMETER_PROPERTY_FLAGS@@0@Z',
'?FindAccelerometerDevice@@YAEPEAPEAX@Z',
'MultiByteToWideChar',
'SizeofResource',
'LoadResource',
'FindResourceW',
'LoadLibraryExW',
'lstrcmpiW',
'RaiseException',
'CloseHandle',
'CreateThread',
'CreateEventW',
'WaitForSingleObject',
'GetCurrentThreadId',
'DeleteCriticalSection',
'SetEvent',
'InitializeCriticalSection',
'GetCurrentProcess',
'GetEnvironmentVariableW',
'ReleaseMutex',
'CreateMutexW',
'LockResource',
'FindResourceExW',
'EnterCriticalSection',
'FreeLibrary',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'LCMapStringW',
'LCMapStringA',
'GetStringTypeW',
'GetStringTypeA',
'GetConsoleMode',
'GetConsoleCP',
'SetFilePointer',
'WideCharToMultiByte',
'GetLocaleInfoA',
'GetLastError',
'GetModuleFileNameW',
'lstrlenW',
'GetProcAddress',
'Sleep',
'GetCommandLineW',
'GetModuleHandleW',
'CreateFileA',
'FlushFileBuffers',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'LoadLibraryA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetStartupInfoA',
'GetFileType',
'GetModuleFileNameA',
'GetStdHandle',
'WriteFile',
'ExitProcess',
'FlsAlloc',
'SetLastError',
'FlsFree',
'FlsSetValue',
'SetHandleCount',
'GetEnvironmentStringsW',
'HeapDestroy',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'HeapSize',
'GetProcessHeap',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetStartupInfoW',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'HeapSetInformation',
'HeapCreate',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FreeEnvironmentStringsW',
'DispatchMessageW',
'TranslateMessage',
'GetMessageW',
'CharUpperW',
'ShowWindow',
'IsIconic',
'SetForegroundWindow',
'FindWindowW',
'CharNextW',
'LoadStringW',
'PostThreadMessageW',
'SendMessageTimeoutW',
'DestroyWindow',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'DefWindowProcW',
'RegisterClassExW',
'CreateWindowExW',
'LoadImageW',
'RegEnumKeyExW',
'TraceMessage',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'RegSetValueExW',
'RegCreateKeyExW',
'RegDeleteValueW',
'RegOpenKeyExW',
'RegCloseKey',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'ShellExecuteW',
'SHGetFileInfoW',
'CoRegisterClassObject',
'CoRevokeClassObject',
'CoTaskMemRealloc',
'CoUninitialize',
'StringFromCLSID',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CoCreateInstance',
'CoInitialize',
'StringFromGUID2',
'LoadRegTypeLib',
'VarUI4FromStr',
'UnRegisterTypeLib',
'LoadTypeLib',
'SysStringLen',
'RegisterTypeLib',
'SysAllocString',
'SysFreeString',
'StrCatW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 146,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 66624,
'SectionNames': {'.data\x00\x00\x00': 7680,
'.pdata\x00\x00': 7680,
'.rdata\x00\x00': 31744,
'.text\x00\x00\x00': 109056,
'Ѡ\x03\x00c\x00\x00\x00': 67072},
'StackReserveSize': 1048576,
'filename': './data/malware/1ebebe4cf789d000f700d89be46dbbfc2b1edca283dc4e2e46eeb0a6d1133144'},
'1f02b810f254fda92c1f45203b5f204d6dc7b27e92d832ccb633de5d790492fc': {'AddressOfEntryPoint': 241732,
'DebugRVA': 70896,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 69632,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'KERNEL32.dll': 'TerminateProcess',
'MSVCR80.dll': '?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'OLEAUT32.dll': 'VariantClear',
'WS2_32.dll': 'inet_ntoa'},
'ImportedFunctions': ['SetThreadAffinityMask',
'GetConsoleCP',
'SetConsoleCP',
'GetProcessHeap',
'HeapFree',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'WaitForSingleObject',
'GetExitCodeThread',
'IsDebuggerPresent',
'DuplicateHandle',
'Sleep',
'GetModuleFileNameA',
'GetSystemDirectoryA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'SetEndOfFile',
'GetCurrentProcessId',
'SleepEx',
'GetStdHandle',
'GetConsoleMode',
'SetConsoleMode',
'GetCurrentProcess',
'GetCurrentThread',
'CloseHandle',
'GetComputerNameA',
'GetVersionExA',
'GetSystemInfo',
'GetLastError',
'TerminateProcess',
'_stricmp',
'_lseek',
'strcpy_s',
'strncpy_s',
'strtoul',
'sprintf_s',
'strcat_s',
'getenv',
'_set_invalid_parameter_handler',
'atoi',
'strrchr',
'setlocale',
'_decode_pointer',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'?terminate@@YAXXZ',
'__crt_debugger_hook',
'__set_app_type',
'_encode_pointer',
'_commode',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'_initterm',
'__initenv',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_amsg_exit',
'__lconv_init',
'_atoi64',
'_putenv',
'toupper',
'_fullpath',
'bsearch',
'qsort',
'perror',
'getc',
'strtok',
'abort',
'strspn',
'strpbrk',
'??3@YAXPEAX@Z',
'strtol',
'_get_osfhandle',
'_beginthreadex',
'_endthreadex',
'strstr',
'fprintf',
'_strnicmp',
'_fmode',
'realloc',
'fseek',
'ftell',
'fclose',
'fopen',
'free',
'strncpy',
'exit',
'scanf',
'fflush',
'__iob_func',
'sprintf',
'printf',
'memset',
'fread',
'fwrite',
'malloc',
'strchr',
'calloc',
'_errno',
'memcpy',
'_splitpath',
'_fileno',
'_strdup',
'_CxxThrowException',
'_vsnprintf',
'_finite',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'VariantClear',
'RegCloseKey',
'RegOpenKeyExA',
'RegQueryValueExA',
'getservbyname',
'htons',
'gethostbyaddr',
'getservbyport',
'htonl',
'WSASetLastError',
'WSAEnumProtocolsA',
'WSAStartup',
'gethostname',
'inet_addr',
'WSAGetLastError',
'gethostbyname',
'ntohs',
'inet_ntoa'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 141,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 1184,
'SectionNames': {'.data\x00\x00\x00': 38912,
'.pdata\x00\x00': 5120,
'.rdata\x00\x00': 71168,
'.reloc\x00\x00': 12288,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 64000,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 33554432,
'filename': './data/malware/1f02b810f254fda92c1f45203b5f204d6dc7b27e92d832ccb633de5d790492fc'},
'1f0ddacd24cea4cbc15927edb18b4fb78e206ca896fc7855c53f6ec2cdadc099': {'AddressOfEntryPoint': 129992,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 614400,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'GetObjectW',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SysAllocString',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetClientRect',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'VerQueryValueW',
'WININET.dll': 'HttpQueryInfoW',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['WSACleanup',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'ioctlsocket',
'listen',
'bind',
'WSAStartup',
'closesocket',
'connect',
'socket',
'send',
'WSAGetLastError',
'select',
'accept',
'__WSAFDIsSet',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'InternetQueryOptionW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'HttpQueryInfoW',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'UnloadUserProfile',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'LoadUserProfileW',
'GetProcessHeap',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'GetVersionExW',
'GetSystemInfo',
'GetModuleHandleW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'GetStdHandle',
'HeapFree',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'ResetEvent',
'PulseEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleFileNameA',
'InitializeCriticalSectionAndSpinCount',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'SetStdHandle',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'LCMapStringA',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'CreatePipe',
'SetEnvironmentVariableA',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'IsCharUpperW',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'SetClipboardData',
'FindWindowW',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'EndPaint',
'BeginPaint',
'DestroyWindow',
'GetMenu',
'CopyRect',
'CharUpperBuffW',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'ReleaseDC',
'EnumThreadWindows',
'GetDC',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'IsIconic',
'GetClipboardData',
'GetClientRect',
'SetBkMode',
'DeleteObject',
'GetPixel',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'BitBlt',
'GetDIBits',
'CloseFigure',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'DeleteDC',
'GetObjectW',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'SetSecurityDescriptorDacl',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'AddAce',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'VariantInit',
'VariantCopy',
'VariantClear',
'SafeArrayDestroyData',
'VarR8FromDec',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetVartype',
'OleLoadPicture',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'VariantTimeToSystemTime',
'SysAllocString'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 512,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 92760,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 27136,
'.rdata\x00\x00': 88576,
'.rsrc\x00\x00\x00': 93184,
'.text\x00\x00\x00': 608256},
'StackReserveSize': 4194304,
'filename': './data/malware/1f0ddacd24cea4cbc15927edb18b4fb78e206ca896fc7855c53f6ec2cdadc099'},
'1f56d5e7a22c2b767b000100d80dacc0f63a7a4a5039c67b015d205c8aa5c0e4': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 130372,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 130560,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/1f56d5e7a22c2b767b000100d80dacc0f63a7a4a5039c67b015d205c8aa5c0e4'},
'1ff97b0d790e7d34e4f4c4b18154cf90ff82a4d5e66665b893ec3bb3ea8c1bf8': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 508784,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 508928,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/1ff97b0d790e7d34e4f4c4b18154cf90ff82a4d5e66665b893ec3bb3ea8c1bf8'},
'201f26b787fb7913b384fc266f649bc698e0465d7d27b5bf27c7c2aa7f538b62': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3424,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 18101248,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/201f26b787fb7913b384fc266f649bc698e0465d7d27b5bf27c7c2aa7f538b62'},
'202096bde5a417f4c9546d8263cd836fffc61b806cde45e3830df7bc83c6b247': {'AddressOfEntryPoint': 225512,
'DebugRVA': 238368,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 237568,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoCancelIrp',
'PoSetPowerState',
'IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoCreateSymbolicLink',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'ZwEnumerateValueKey',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'ZwEnumerateKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoReleaseRemoveLockEx',
'IoDetachDevice',
'wcsstr',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'IoRegisterPlugPlayNotification',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 96,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 968,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 231936,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/202096bde5a417f4c9546d8263cd836fffc61b806cde45e3830df7bc83c6b247'},
'202377640777e1416e1c6082eb4a2a885c14a70cfb26556eb881de173a3174f7': {'AddressOfEntryPoint': 35132,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/202377640777e1416e1c6082eb4a2a885c14a70cfb26556eb881de173a3174f7'},
'20255538932444661fb16979d0ac347fba388a07e1c096cc6b74710a7ad61ce1': {'AddressOfEntryPoint': 357560,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 347912,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['PsGetVersion',
'PsGetCurrentThreadId',
'PsGetCurrentProcessId',
'__C_specific_handler',
'ProbeForWrite',
'KeDelayExecutionThread',
'ProbeForRead',
'_wcsnicmp',
'_stricmp',
'RtlDeleteRegistryValue',
'strstr',
'strrchr',
'strncpy',
'_strnicmp',
'PsDereferencePrimaryToken',
'RtlEqualSid',
'SeQueryInformationToken',
'PsReferencePrimaryToken',
'PsSetCreateProcessNotifyRoutine',
'RtlInitUnicodeString',
'IofCompleteRequest',
'__chkstk',
'IoCreateSymbolicLink',
'IoCreateDevice',
'PsSetLoadImageNotifyRoutine',
'ZwClose',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'ZwCreateFile',
'KeInitializeEvent',
'ZwQuerySystemInformation',
'MmIsAddressValid',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'_vsnwprintf',
'_wcsicmp',
'ZwOpenFile',
'MmUnmapViewInSystemSpace',
'MmMapViewInSystemSpace',
'MmCreateSection',
'ZwQueryInformationThread',
'ZwOpenThread',
'PsGetProcessInheritedFromUniqueProcessId',
'ObReferenceObjectByHandle',
'PsGetProcessImageFileName',
'ObQueryNameString',
'IoGetDeviceObjectPointer',
'KeStackAttachProcess',
'KeUnstackDetachProcess',
'PsGetProcessCreateTimeQuadPart',
'KeQueryTimeIncrement',
'ZwQuerySymbolicLinkObject',
'ZwOpenSymbolicLinkObject',
'ZwQueryInformationProcess',
'PsIsThreadTerminating',
'MmGetSystemRoutineAddress',
'PsGetProcessId',
'PsGetThreadProcess',
'ZwOpenProcess',
'ZwOpenDirectoryObject',
'RtlAppendUnicodeStringToString',
'tolower',
'strchr',
'PsGetProcessWin32Process',
'PsLookupProcessByProcessId',
'ObOpenObjectByPointer',
'PsGetProcessSectionBaseAddress',
'ZwOpenProcessTokenEx',
'wcschr',
'RtlCompareUnicodeString',
'ZwQueryObject',
'wcsncpy',
'IoQueryFileDosDeviceName',
'PsGetCurrentProcessSessionId',
'CmRegisterCallback',
'PsGetThreadTeb',
'PsLookupThreadByThreadId',
'RtlNtStatusToDosError',
'PsGetProcessPeb',
'RtlFreeUnicodeString',
'RtlWriteRegistryValue',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlCreateUnicodeString',
'RtlQueryRegistryValues',
'RtlPrefixUnicodeString',
'ZwQueryValueKey',
'ZwOpenKey',
'ZwSetInformationProcess',
'RtlLengthSid',
'ZwAssignProcessToJobObject',
'ZwSetInformationJobObject',
'ZwCreateJobObject',
'PsGetProcessJob',
'ZwTerminateProcess',
'RtlAddAccessAllowedAceEx',
'RtlAddAce',
'RtlCreateAcl',
'RtlGetAce',
'ZwSetSecurityObject',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'ZwQuerySecurityObject',
'SeTokenIsRestricted',
'SeFilterToken',
'ObfReferenceObject',
'ZwCreateKey',
'ZwEnumerateValueKey',
'ZwSetValueKey',
'ZwDeleteValueKey',
'RtlCompareMemory',
'RtlAppendUnicodeToString',
'RtlFormatCurrentUserKeyPath',
'IoGetCurrentProcess',
'ExAllocatePoolWithTag',
'KeBugCheckEx',
'ExFreePoolWithTag',
'ZwConnectPort',
'LpcRequestWaitReplyPort',
'ObfDereferenceObject',
'ZwQueryInformationToken',
'_vsnprintf',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 132,
'NumberOfSections': 11,
'OSVersion': 5,
'ResSize': 1024,
'SectionNames': {'.Shltr0\x00': 0,
'.Shltr1\x00': 1024,
'.Shltr2\x00': 0,
'.Shltr3\x00': 168448,
'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 0,
'INIT\x00\x00\x00\x00': 0},
'StackReserveSize': 262144,
'filename': './data/malware/20255538932444661fb16979d0ac347fba388a07e1c096cc6b74710a7ad61ce1'},
'20866850568dd3d2d4ff5d856cd258628cd037f8abb2cffc4d8ab77aa8afde1a': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 77824,
'ExportSize': 12984088,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetVolumeInformationA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryInfoKeyA',
'GetTokenInformation',
'FreeSid',
'RegSetValueExA',
'LookupPrivilegeValueA',
'RegDeleteValueA',
'RegCreateKeyExA',
'AllocateAndInitializeSid',
'EqualSid',
'RegQueryValueExA',
'RegOpenKeyExA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'WritePrivateProfileStringA',
'LocalFree',
'FindFirstFileA',
'_lclose',
'DeleteFileA',
'lstrlenA',
'GetLastError',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetProcAddress',
'_llseek',
'GetWindowsDirectoryA',
'RemoveDirectoryA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'FreeLibrary',
'GetModuleFileNameA',
'FindNextFileA',
'SetFileAttributesA',
'GlobalFree',
'GetCurrentProcess',
'FindClose',
'GetPrivateProfileStringA',
'CompareStringA',
'LoadLibraryA',
'GlobalAlloc',
'GlobalUnlock',
'GlobalLock',
'GetPrivateProfileIntA',
'_lopen',
'GetShortPathNameA',
'LoadLibraryExA',
'ExitProcess',
'CloseHandle',
'GetCurrentDirectoryA',
'WriteFile',
'DosDateTimeToFileTime',
'SetCurrentDirectoryA',
'CreateFileA',
'FindResourceA',
'GetDriveTypeA',
'GetVersionExA',
'SetFilePointer',
'GetVersion',
'FreeResource',
'GetTempPathA',
'GetTempFileNameA',
'CreateThread',
'ResetEvent',
'LocalFileTimeToFileTime',
'CreateDirectoryA',
'TerminateThread',
'LoadResource',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'LockResource',
'WaitForSingleObject',
'CreateProcessA',
'SetEvent',
'ReadFile',
'GetSystemInfo',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'Sleep',
'CreateMutexA',
'lstrcmpA',
'LocalAlloc',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetDeviceCaps',
'CallWindowProcA',
'PeekMessageA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'MessageBoxA',
'SetForegroundWindow',
'SetWindowLongPtrA',
'MsgWaitForMultipleObjects',
'ShowWindow',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'GetWindowLongPtrA',
'SendDlgItemMessageA',
'GetDC',
'SetWindowPos',
'SetDlgItemTextA',
'MessageBeep',
'CharUpperA',
'EndDialog',
'CharNextA',
'GetDesktopWindow',
'ExitWindowsEx',
'CharPrevA',
'LoadStringA',
'ReleaseDC',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 12985100,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 12985344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/20866850568dd3d2d4ff5d856cd258628cd037f8abb2cffc4d8ab77aa8afde1a'},
'20a8f15ef6186413536aad11334983eb0b5036f6f89ece87b2a5d5896b229959': {'AddressOfEntryPoint': 56604,
'DebugRVA': 144496,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 143360,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'SetSecurityInfo',
'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'SetWindowsHookExA'},
'ImportedFunctions': ['FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetModuleFileNameA',
'WideCharToMultiByte',
'Sleep',
'MultiByteToWideChar',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'LocalAlloc',
'HeapFree',
'ExitThread',
'CreateThread',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetCurrentProcessId',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'HeapReAlloc',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'InitializeCriticalSectionAndSpinCount',
'GetLocaleInfoW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'FlushFileBuffers',
'LocalFree',
'ReleaseSemaphore',
'ReleaseMutex',
'ResetEvent',
'SetEvent',
'WaitForMultipleObjects',
'GetLastError',
'GetVersionExA',
'IsWow64Process',
'OpenProcess',
'Thread32Next',
'Thread32First',
'CreateToolhelp32Snapshot',
'CloseHandle',
'WaitForSingleObject',
'OpenEventA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'RtlUnwindEx',
'EnterCriticalSection',
'SetWindowsHookExA',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'InitializeAcl',
'SetSecurityInfo'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 103,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1832,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 41984,
'.reloc\x00\x00': 2048,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 137728},
'StackReserveSize': 1048576,
'filename': './data/malware/20a8f15ef6186413536aad11334983eb0b5036f6f89ece87b2a5d5896b229959'},
'20bef119489f0e10041056dd738f8ff65db07f5b55fa0ecf9bc917bc7705e7c7': {'AddressOfEntryPoint': 5016,
'DebugRVA': 4480,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'UnhandledExceptionFilter',
'RtlCaptureContext',
'GetCurrentProcess',
'TerminateProcess',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'GetProcessHeap',
'WriteFile',
'LoadLibraryW',
'SizeofResource',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 45,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2845508,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2845696,
'.text\x00\x00\x00': 7680},
'StackReserveSize': 524288,
'filename': './data/malware/20bef119489f0e10041056dd738f8ff65db07f5b55fa0ecf9bc917bc7705e7c7'},
'20bf7eb38d34e46099e08eb3394383f1c0ed21686b89d3c0ae74829babdadad0': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 141908,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 142336,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/20bf7eb38d34e46099e08eb3394383f1c0ed21686b89d3c0ae74829babdadad0'},
'20d6d009cee8bb1f4c8fe280a03d181a21d40b80cf0f08c4309240035c955e39': {'AddressOfEntryPoint': 3221233868,
'DebugRVA': 4656,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4194304,
'ImageVersion': 5,
'ImportedDLL': {'KERNEL32.dll': 'RtlCaptureContext',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA'},
'ImportedFunctions': ['GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetLastError',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'LoadLibraryA',
'Sleep',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'SetFilePointer',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'FlushFileBuffers',
'SetStdHandle',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'CloseHandle',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'UpdateDriverForPlugAndPlayDevicesA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 3,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 2560,
'.text\x00\x00\x00': 27648,
'V5\x00\x00ta\x00\x00': 2048},
'StackReserveSize': 524288,
'filename': './data/malware/20d6d009cee8bb1f4c8fe280a03d181a21d40b80cf0f08c4309240035c955e39'},
'210fc1511f475c1d448ba4693d99487b70ca50b2448c482026aa1c7e87d9424a': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/210fc1511f475c1d448ba4693d99487b70ca50b2448c482026aa1c7e87d9424a'},
'21a99040697696e8095e3a442303c12c1e8ebfa481fd13c16086220d505c502e': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 39104,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 39424,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/21a99040697696e8095e3a442303c12c1e8ebfa481fd13c16086220d505c502e'},
'21e4eb7c65655256ddeeac4de8f3e1f6178f4cfc5a7387ceb9cd9948ade15f38': {'AddressOfEntryPoint': 1073764093,
'DebugRVA': 12928,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'GetLastError',
'USER32.dll': 'wsprintfA',
'msvcrt.dll': '_mbschr',
'ole32.dll': 'StringFromCLSID'},
'ImportedFunctions': ['RegOpenKeyExA',
'RegQueryValueExA',
'RegEnumKeyA',
'RegCloseKey',
'_fmode',
'_commode',
'__setusermatherr',
'_initterm',
'__getmainargs',
'_acmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'_splitpath',
'__set_app_type',
'__argc',
'memset',
'_putenv',
'__CxxFrameHandler',
'calloc',
'free',
'_stat',
'_snprintf',
'printf',
'??2@YAPEAX_K@Z',
'_mbslwr',
'_mbsnbcmp',
'_mbscmp',
'_mbsstr',
'_mbsrchr',
'_mbsnbcpy',
'__argv',
'_mbschr',
'GetEnvironmentVariableA',
'GetStartupInfoA',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'lstrlenW',
'GetProcAddress',
'FreeLibrary',
'GetSystemDirectoryA',
'LoadLibraryA',
'CreateFileA',
'CloseHandle',
'GetModuleHandleA',
'GetModuleFileNameA',
'GetShortPathNameA',
'GetLongPathNameA',
'GetVersionExA',
'WideCharToMultiByte',
'CreateProcessA',
'WaitForSingleObject',
'GetLastError',
'wsprintfA',
'CoTaskMemFree',
'StringFromCLSID'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 69,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1712,
'StackReserveSize': 1048576,
'filename': './data/malware/21e4eb7c65655256ddeeac4de8f3e1f6178f4cfc5a7387ceb9cd9948ade15f38'},
'222a7bc35cc02800086c6cd9ed36fff7e90672ea2c0d1593b5e4728b2424e9a7': {'AddressOfEntryPoint': 670281,
'DebugRVA': 418144,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 413696,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueA',
'COMCTL32.dll': 'ImageList_Merge',
'GDI32.dll': 'Escape',
'KERNEL32.dll': 'lstrcpyA',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'ExtractIconA',
'USER32.dll': 'UnregisterClassA',
'WINSPOOL.DRV': 'OpenPrinterA',
'comdlg32.dll': 'GetOpenFileNameA',
'ole32.dll': 'OleSetClipboard'},
'ImportedFunctions': ['GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'ExitProcess',
'ExitThread',
'CreateThread',
'HeapReAlloc',
'HeapSize',
'GetACP',
'GetDateFormatA',
'GetTimeFormatA',
'GetSystemTimeAsFileTime',
'Sleep',
'GetStdHandle',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'HeapDestroy',
'HeapAlloc',
'SetUnhandledExceptionFilter',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetTimeZoneInformation',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'IsValidCodePage',
'SetConsoleCtrlHandler',
'SetStdHandle',
'GetLocaleInfoW',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'QueryPerformanceCounter',
'GetCurrentProcessId',
'TerminateProcess',
'RtlVirtualUnwind',
'RtlCaptureContext',
'HeapFree',
'GetCommandLineA',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'CopyFileA',
'GlobalSize',
'SetFileAttributesA',
'SetFileTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetFileTime',
'GetFileSize',
'GetFileAttributesA',
'GetTickCount',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'lstrlenW',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'CreateFileA',
'GetFullPathNameA',
'GetVolumeInformationA',
'FindFirstFileA',
'FindClose',
'WriteFile',
'GetCurrentProcess',
'DuplicateHandle',
'GetShortPathNameA',
'GetStringTypeExA',
'DeleteFileA',
'MoveFileA',
'SetEndOfFile',
'UnlockFile',
'LockFile',
'FlushFileBuffers',
'SetFilePointer',
'ReadFile',
'SetErrorMode',
'GetThreadLocale',
'GetCurrentDirectoryA',
'GetOEMCP',
'GetCPInfo',
'TlsFree',
'LocalReAlloc',
'TlsSetValue',
'TlsAlloc',
'TlsGetValue',
'GlobalHandle',
'GlobalReAlloc',
'LocalAlloc',
'GetProcessVersion',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSection',
'SizeofResource',
'GetLastError',
'GlobalFlags',
'MulDiv',
'SetLastError',
'CreateEventA',
'SuspendThread',
'SetEvent',
'WaitForSingleObject',
'ResumeThread',
'SetThreadPriority',
'CloseHandle',
'GetModuleFileNameA',
'GetCurrentThread',
'GlobalAlloc',
'FormatMessageA',
'LocalFree',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetVersion',
'GetCurrentThreadId',
'GlobalGetAtomNameA',
'lstrcmpiA',
'GlobalAddAtomA',
'GlobalFindAtomA',
'GlobalDeleteAtom',
'LoadLibraryA',
'FreeLibrary',
'lstrcatA',
'lstrcpynA',
'GetModuleHandleA',
'GetProcAddress',
'GetVersionExA',
'GlobalLock',
'GlobalUnlock',
'GlobalFree',
'FindResourceA',
'LoadResource',
'LockResource',
'FreeResource',
'GetPrivateProfileIntA',
'GetPrivateProfileStringA',
'WritePrivateProfileStringA',
'lstrcmpA',
'lstrlenA',
'FatalAppExitA',
'lstrcpyA',
'SetRect',
'CopyAcceleratorTableA',
'GetNextDlgGroupItem',
'MessageBeep',
'TranslateAcceleratorA',
'SetMenu',
'BringWindowToTop',
'SetRectEmpty',
'InvalidateRect',
'LoadAcceleratorsA',
'LoadMenuA',
'ReuseDDElParam',
'UnpackDDElParam',
'CharUpperA',
'RegisterClipboardFormatA',
'RemoveMenu',
'PostThreadMessageA',
'DestroyIcon',
'ReleaseCapture',
'WindowFromPoint',
'SetCapture',
'InflateRect',
'LoadCursorA',
'GetSysColorBrush',
'GetDialogBaseUnits',
'PtInRect',
'GetDesktopWindow',
'GetClassNameA',
'EndPaint',
'BeginPaint',
'GetWindowDC',
'ClientToScreen',
'GrayStringA',
'DrawTextA',
'TabbedTextOutA',
'LoadStringA',
'DestroyMenu',
'SetWindowContextHelpId',
'MapDialogRect',
'GetMessageA',
'TranslateMessage',
'ValidateRect',
'GetCursorPos',
'ShowOwnedPopups',
'SetCursor',
'PostQuitMessage',
'ReleaseDC',
'GetDC',
'wvsprintfA',
'SetMenuItemBitmaps',
'ModifyMenuA',
'GetMenuState',
'EnableMenuItem',
'CheckMenuItem',
'GetMenuCheckMarkDimensions',
'LoadBitmapA',
'ShowWindow',
'MoveWindow',
'SetWindowTextA',
'CharNextA',
'ScrollWindowEx',
'IsDlgButtonChecked',
'SetDlgItemTextA',
'SetDlgItemInt',
'GetDlgItemTextA',
'GetDlgItemInt',
'CheckRadioButton',
'CheckDlgButton',
'OemToCharA',
'CharToOemA',
'RegisterWindowMessageA',
'GetCapture',
'WinHelpA',
'CreateWindowExA',
'SetWindowsHookExA',
'CallNextHookEx',
'GetClassLongA',
'SetPropA',
'GetPropA',
'RemovePropA',
'DispatchMessageA',
'GetFocus',
'SetFocus',
'IsChild',
'GetWindowLongPtrA',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'SetWindowLongPtrA',
'BeginDeferWindowPos',
'EndDeferWindowPos',
'ScrollWindow',
'GetTopWindow',
'MessageBoxA',
'TrackPopupMenu',
'GetKeyState',
'SetScrollRange',
'GetScrollRange',
'SetScrollPos',
'GetScrollPos',
'GetForegroundWindow',
'SetForegroundWindow',
'PeekMessageA',
'GetLastActivePopup',
'ShowScrollBar',
'IsWindowVisible',
'MapWindowPoints',
'UpdateWindow',
'GetSysColor',
'GetMenu',
'PostMessageA',
'GetSubMenu',
'AdjustWindowRectEx',
'GetMenuItemID',
'GetMenuItemCount',
'ScreenToClient',
'EqualRect',
'DeferWindowPos',
'GetScrollInfo',
'SetScrollInfo',
'InsertMenuA',
'GetMenuStringA',
'DeleteMenu',
'WaitMessage',
'IsDialogMessageA',
'GetWindowThreadProcessId',
'GetClassInfoA',
'RegisterClassA',
'SetWindowPlacement',
'GetWindowTextLengthA',
'GetWindowTextA',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowLongA',
'SetWindowPos',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindowRect',
'CopyRect',
'GetWindow',
'GetActiveWindow',
'SetActiveWindow',
'CreateDialogIndirectParamA',
'DestroyWindow',
'GetWindowLongA',
'GetDlgItem',
'IsWindowEnabled',
'GetParent',
'GetNextDlgTabItem',
'EndDialog',
'IsWindow',
'GetSystemMetrics',
'LoadIconA',
'GetClientRect',
'IsIconic',
'GetSystemMenu',
'AppendMenuA',
'DrawIcon',
'SendMessageA',
'wsprintfA',
'EnableWindow',
'SendDlgItemMessageA',
'UnregisterClassA',
'GetDeviceCaps',
'ExtTextOutA',
'CreateDIBPatternBrushPt',
'CreatePen',
'ExtCreatePen',
'CreateSolidBrush',
'CreateHatchBrush',
'CreatePatternBrush',
'GetTextExtentPoint32A',
'GetTextMetricsA',
'CreateFontIndirectA',
'SetRectRgn',
'CombineRgn',
'GetMapMode',
'PlayMetaFile',
'GetBkColor',
'GetTextColor',
'LPtoDP',
'CopyMetaFileA',
'CreateDCA',
'TextOutA',
'RectVisible',
'PtVisible',
'StartDocA',
'GetWindowExtEx',
'GetViewportExtEx',
'SelectClipPath',
'CreateRectRgn',
'EnumMetaFile',
'GetObjectType',
'PlayMetaFileRecord',
'ExtSelectClipRgn',
'PolyBezierTo',
'PolylineTo',
'PolyDraw',
'ArcTo',
'GetCurrentPositionEx',
'ScaleWindowExtEx',
'SetWindowExtEx',
'OffsetWindowOrgEx',
'SetWindowOrgEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectPalette',
'GetStockObject',
'SelectObject',
'DeleteDC',
'DPtoLP',
'GetDCOrgEx',
'GetClipRgn',
'SelectClipRgn',
'DeleteObject',
'SetColorAdjustment',
'SetArcDirection',
'SetMapperFlags',
'SetTextCharacterExtra',
'SetTextJustification',
'SetTextAlign',
'MoveToEx',
'LineTo',
'OffsetClipRgn',
'IntersectClipRect',
'ExcludeClipRect',
'SetMapMode',
'SetStretchBltMode',
'SetROP2',
'SetPolyFillMode',
'SetBkMode',
'RestoreDC',
'SaveDC',
'PatBlt',
'CreateRectRgnIndirect',
'CreateBitmap',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'Escape',
'GetSaveFileNameA',
'GetFileTitleA',
'GetOpenFileNameA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA',
'RegCreateKeyA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegSetValueExA',
'RegDeleteValueA',
'RegDeleteKeyA',
'RegOpenKeyA',
'RegSetValueA',
'RegEnumKeyA',
'RegCloseKey',
'RegQueryValueA',
'SHGetFileInfoA',
'DragQueryFileA',
'DragFinish',
'DragAcceptFiles',
'ExtractIconA',
'ImageList_Read',
'ImageList_Write',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_LoadImageA',
'ImageList_Merge',
'OleDuplicateData',
'ReleaseStgMedium',
'CoTreatAsClass',
'StringFromCLSID',
'ReadClassStg',
'ReadFmtUserTypeStg',
'OleRegGetUserType',
'WriteClassStg',
'WriteFmtUserTypeStg',
'SetConvertStg',
'OleInitialize',
'CreateBindCtx',
'OleUninitialize',
'OleRun',
'CoDisconnectObject',
'CoCreateInstance',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoTaskMemAlloc',
'CoGetClassObject',
'CoTaskMemFree',
'CLSIDFromString',
'CLSIDFromProgID',
'CoRegisterClassObject',
'CoRevokeClassObject',
'CreateStreamOnHGlobal',
'CoRegisterMessageFilter',
'OleFlushClipboard',
'OleIsCurrentClipboard',
'CoFreeUnusedLibraries',
'OleSetClipboard',
'LoadTypeLib',
'SysStringLen',
'VarBstrFromDate',
'VarDateFromStr',
'VarBstrFromCy',
'VarCyFromStr',
'SysAllocStringByteLen',
'SafeArrayDestroyDescriptor',
'SafeArrayDestroyData',
'SafeArrayDestroy',
'SafeArrayUnlock',
'SafeArrayLock',
'SafeArrayPutElement',
'SafeArrayPtrOfIndex',
'SafeArrayGetElement',
'SafeArrayCopy',
'SafeArrayAllocDescriptor',
'SafeArrayAllocData',
'SysStringByteLen',
'SafeArrayRedim',
'SafeArrayCreate',
'SafeArrayGetDim',
'SafeArrayGetElemsize',
'SafeArrayGetLBound',
'SafeArrayGetUBound',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SysReAllocStringLen',
'VariantChangeType',
'VariantCopy',
'SysAllocString',
'VariantTimeToSystemTime',
'VariantClear',
'OleCreateFontIndirect',
'SysAllocStringLen',
'SysFreeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 11,
'NumberOfImportFunctions': 498,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 14040,
'SectionNames': {'.data\x00\x00\x00': 12288,
'.pdata\x00\x00': 37376,
'.rdata\x00\x00': 159744,
'.rsrc\x00\x00\x00': 41984,
'.text\x00\x00\x00': 409088,
'onjagpj\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/222a7bc35cc02800086c6cd9ed36fff7e90672ea2c0d1593b5e4728b2424e9a7'},
'22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc': {'AddressOfEntryPoint': 12720,
'DebugRVA': 28896,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'WDFLDR.SYS': 'WdfVersionBindClass',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['ExAllocatePool',
'IoAllocateMdl',
'MmUnlockPages',
'IoFreeMdl',
'ObReferenceObjectByHandle',
'IoFileObjectType',
'RtlInitUnicodeString',
'IoWMIWriteEvent',
'MmGetSystemRoutineAddress',
'RtlCompareMemory',
'RtlGUIDFromString',
'KeBugCheckEx',
'RtlCopyUnicodeString',
'ExFreePool',
'MmMapLockedPagesSpecifyCache',
'MmProbeAndLockPages',
'IoGetCurrentProcess',
'ObfDereferenceObject',
'ExFreePoolWithTag',
'IoWMIRegistrationControl',
'ExAllocatePoolWithTag',
'__C_specific_handler',
'WdfVersionUnbindClass',
'WdfVersionBind',
'WdfVersionUnbind',
'WdfVersionBindClass'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 26,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1040,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 2048,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 18944,
'INIT\x00\x00\x00\x00': 2048,
'NONPAGE\x00': 1536,
'PAGE\x00\x00\x00\x00': 2048},
'StackReserveSize': 262144,
'filename': './data/malware/22c39fc56634725bfc943206a98b86efaab3a3c3acf1c2b624425c2f3e6230fc'},
'22cde70dee00d2f5071739d89658114e0cadf7f7fbf742e7b60931625f88df78': {'AddressOfEntryPoint': 60016,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 61440,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyA',
'COMCTL32.dll': 'CreateToolbarEx',
'GDI32.dll': 'CreateSolidBrush',
'KERNEL32.dll': 'lstrcpyA',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'ShellExecuteA',
'USER32.dll': 'KillTimer',
'VERSION.dll': 'GetFileVersionInfoA',
'comdlg32.dll': 'GetSaveFileNameA',
'msvcrt.dll': '__set_app_type',
'ole32.dll': 'GetHGlobalFromStream'},
'ImportedFunctions': ['VerQueryValueA',
'GetFileVersionInfoSizeA',
'GetFileVersionInfoA',
'ImageList_Create',
'ImageList_SetImageCount',
'ImageList_ReplaceIcon',
'CreateToolbarEx',
'_acmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'_onexit',
'__dllonexit',
'_strlwr',
'_itoa',
'atoi',
'strcmp',
'_memicmp',
'strchr',
'strrchr',
'malloc',
'free',
'__getmainargs',
'_initterm',
'__setusermatherr',
'modf',
'memcmp',
'strtoul',
'_ultoa',
'strlen',
'wcslen',
'strcpy',
'??3@YAXPEAX@Z',
'_purecall',
'??2@YAPEAX_K@Z',
'memset',
'_strcmpi',
'memcpy',
'strcat',
'strncat',
'sprintf',
'_commode',
'_fmode',
'__set_app_type',
'OpenProcess',
'GetModuleHandleA',
'WriteProcessMemory',
'GetStartupInfoA',
'FreeLibrary',
'ReadProcessMemory',
'GetCurrentProcess',
'ExitProcess',
'DeleteFileA',
'GetPrivateProfileIntA',
'EnumResourceNamesA',
'WritePrivateProfileStringA',
'GetPrivateProfileStringA',
'lstrlenA',
'GetModuleFileNameA',
'WriteFile',
'GetCurrentProcessId',
'GlobalUnlock',
'GetProcAddress',
'GlobalLock',
'LoadLibraryA',
'WideCharToMultiByte',
'GetLocaleInfoA',
'GetLastError',
'LoadLibraryExA',
'GlobalAlloc',
'GetTempFileNameA',
'GetFileAttributesA',
'GetVersionExA',
'CloseHandle',
'ReadFile',
'GetTempPathA',
'CreateFileA',
'GetNumberFormatA',
'LocalFree',
'GetFileSize',
'FormatMessageA',
'GetWindowsDirectoryA',
'lstrcpyA',
'UpdateWindow',
'LoadImageA',
'GetWindowTextLengthA',
'GetMessageA',
'SetTimer',
'ReleaseCapture',
'GetSystemMetrics',
'GetWindowPlacement',
'IsDialogMessageA',
'TranslateMessage',
'EndDeferWindowPos',
'PostQuitMessage',
'TrackPopupMenu',
'SetCapture',
'RegisterClassA',
'BeginDeferWindowPos',
'CreateWindowExA',
'EndDialog',
'SendMessageA',
'LoadCursorA',
'GetDlgItem',
'SetWindowTextA',
'ChildWindowFromPoint',
'GetSysColorBrush',
'SetCursor',
'SetDlgItemTextA',
'MessageBoxA',
'GetWindowTextA',
'GetClassNameA',
'GetWindowThreadProcessId',
'EnumWindows',
'IsWindowVisible',
'RegisterWindowMessageA',
'LoadIconA',
'EnumChildWindows',
'SendMessageTimeoutA',
'GetWindowLongA',
'SetWindowLongA',
'SendDlgItemMessageA',
'GetDlgItemInt',
'InvalidateRect',
'SetDlgItemInt',
'SetFocus',
'SetClipboardData',
'EnableWindow',
'EmptyClipboard',
'MapWindowPoints',
'EnableMenuItem',
'GetClientRect',
'ReleaseDC',
'OpenClipboard',
'GetWindowRect',
'ScreenToClient',
'CloseClipboard',
'GetMenuItemCount',
'MoveWindow',
'GetMenuStringA',
'GetSubMenu',
'GetMenu',
'GetCursorPos',
'CheckMenuItem',
'GetDC',
'LoadMenuA',
'GetParent',
'ModifyMenuA',
'LoadStringA',
'DialogBoxParamA',
'GetDlgCtrlID',
'DestroyMenu',
'CreateDialogParamA',
'DestroyWindow',
'GetMenuItemInfoA',
'SetWindowPos',
'DestroyIcon',
'DeferWindowPos',
'WindowFromPoint',
'DispatchMessageA',
'PostMessageA',
'SetMenu',
'ShowWindow',
'LoadAcceleratorsA',
'GetSysColor',
'GetFocus',
'DefWindowProcA',
'TranslateAcceleratorA',
'KillTimer',
'PatBlt',
'SelectObject',
'GetDeviceCaps',
'CreateFontIndirectA',
'SetBkColor',
'SetBkMode',
'DeleteObject',
'SetTextColor',
'CreateSolidBrush',
'FindTextA',
'GetSaveFileNameA',
'RegDeleteKeyA',
'ExtractIconExA',
'ShellExecuteA',
'CoUninitialize',
'CreateStreamOnHGlobal',
'CoInitialize',
'GetHGlobalFromStream',
'SysFreeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 11,
'NumberOfImportFunctions': 191,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 13380,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 2560,
'.rdata\x00\x00': 12800,
'.rsrc\x00\x00\x00': 13824,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 1048576,
'filename': './data/malware/22cde70dee00d2f5071739d89658114e0cadf7f7fbf742e7b60931625f88df78'},
'22d47a69e5a223b6afb8eec6b893c780048cc0c4ce950a306ba8fe54caa1b0f7': {'AddressOfEntryPoint': 1074322561,
'DebugRVA': 277568,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 274432,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyW',
'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'CreateDIBSection',
'KERNEL32.dll': 'FlsFree',
'MSIMG32.dll': 'AlphaBlend',
'OLEAUT32.dll': 'VariantInit',
'SETUPAPI.dll': 'SetupDiEnumDeviceInterfaces',
'SHELL32.dll': 'Shell_NotifyIconW',
'SHLWAPI.dll': 'PathFindExtensionW',
'USER32.dll': 'UnregisterClassA',
'WINSPOOL.DRV': 'OpenPrinterW',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['SetupDiGetDeviceInstanceIdW',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsW',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceInterfaceDetailW',
'SetupDiEnumDeviceInterfaces',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'HeapReAlloc',
'ExitProcess',
'HeapSize',
'SetUnhandledExceptionFilter',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlsGetValue',
'FlsSetValue',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'Sleep',
'GetConsoleCP',
'GetConsoleMode',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetErrorMode',
'GetCurrentProcess',
'FlushFileBuffers',
'SetFilePointer',
'WriteFile',
'ReadFile',
'GetThreadLocale',
'lstrlenA',
'TlsFree',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'TlsGetValue',
'GlobalFlags',
'DeleteCriticalSection',
'InitializeCriticalSection',
'GetCurrentThread',
'ConvertDefaultLocale',
'GetVersion',
'EnumResourceLanguagesW',
'lstrcmpA',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileIntW',
'GetCurrentProcessId',
'FormatMessageW',
'WideCharToMultiByte',
'GetModuleHandleA',
'lstrlenW',
'GetModuleFileNameW',
'FreeResource',
'GlobalAddAtomW',
'GlobalFindAtomW',
'GlobalDeleteAtom',
'LoadLibraryW',
'FreeLibrary',
'CompareStringW',
'LoadLibraryA',
'SetLastError',
'lstrcmpW',
'GetModuleHandleW',
'GetProcAddress',
'GetVersionExA',
'GetCurrentThreadId',
'MultiByteToWideChar',
'GetVersionExW',
'LocalAlloc',
'LocalFree',
'GetLastError',
'MulDiv',
'GetUserDefaultUILanguage',
'FindResourceExW',
'GlobalLock',
'GlobalAlloc',
'LoadResource',
'LockResource',
'SizeofResource',
'FindResourceW',
'LeaveCriticalSection',
'EnterCriticalSection',
'GlobalFree',
'GlobalUnlock',
'SetEvent',
'CreateThread',
'CreateEventW',
'WaitForMultipleObjects',
'DeviceIoControl',
'CreateFileW',
'CloseHandle',
'WaitForSingleObject',
'FlsFree',
'EndPaint',
'BeginPaint',
'ReleaseDC',
'ClientToScreen',
'GrayStringW',
'DrawTextExW',
'DrawTextW',
'TabbedTextOutW',
'MoveWindow',
'SetWindowTextW',
'IsDialogMessageW',
'GetMessageW',
'TranslateMessage',
'ValidateRect',
'GetActiveWindow',
'CreateDialogIndirectParamW',
'IsWindowEnabled',
'GetNextDlgTabItem',
'EndDialog',
'RegisterWindowMessageW',
'SendDlgItemMessageA',
'SendDlgItemMessageW',
'WinHelpW',
'GetCapture',
'SetWindowsHookExW',
'CallNextHookEx',
'GetClassNameW',
'GetClassLongPtrW',
'SetPropW',
'GetPropW',
'IsWindow',
'SetFocus',
'GetWindowTextLengthW',
'GetWindowTextW',
'GetLastActivePopup',
'DispatchMessageW',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageW',
'MapWindowPoints',
'TrackPopupMenuEx',
'GetKeyState',
'IsWindowVisible',
'GetMenu',
'MessageBoxW',
'CreateWindowExW',
'GetClassInfoExW',
'RegisterClassW',
'AdjustWindowRectEx',
'ScreenToClient',
'CopyRect',
'PtInRect',
'DefWindowProcW',
'CallWindowProcW',
'SystemParametersInfoA',
'GetWindowPlacement',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapW',
'GetFocus',
'GetMenuState',
'EnableMenuItem',
'CheckMenuItem',
'DestroyIcon',
'GetCursorPos',
'LoadMenuW',
'SetMenuDefaultItem',
'RemoveMenu',
'ModifyMenuW',
'GetMenuItemID',
'GetMenuItemCount',
'GetSubMenu',
'SetActiveWindow',
'IsIconic',
'UnregisterClassW',
'LoadCursorW',
'RegisterDeviceNotificationW',
'InvalidateRect',
'DestroyMenu',
'SetCursor',
'RemovePropW',
'PostQuitMessage',
'AttachThreadInput',
'GetForegroundWindow',
'GetWindowThreadProcessId',
'UpdateWindow',
'ShowWindow',
'GetWindowLongW',
'LoadIconW',
'SetWindowPos',
'SetTimer',
'KillTimer',
'DrawIcon',
'UnregisterDeviceNotification',
'GetSystemMetrics',
'SetForegroundWindow',
'FindWindowExW',
'GetClassInfoW',
'SetWindowLongW',
'GetSysColorBrush',
'EnumDisplaySettingsW',
'TrackMouseEvent',
'RedrawWindow',
'GetDesktopWindow',
'GetWindow',
'GetDC',
'GetDlgCtrlID',
'GetWindowRect',
'MapDialogRect',
'GetParent',
'GetSysColor',
'GetClientRect',
'SendMessageW',
'EnableWindow',
'PostMessageW',
'UnregisterClassA',
'SetWindowExtEx',
'ScaleWindowExtEx',
'GetStockObject',
'SetViewportExtEx',
'ScaleViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'Escape',
'ExtTextOutW',
'TextOutW',
'RectVisible',
'PtVisible',
'GetMapMode',
'GetObjectW',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'BitBlt',
'DeleteDC',
'SetTextAlign',
'SetMapMode',
'SetBkMode',
'RestoreDC',
'SaveDC',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'CreateBitmap',
'GetViewportExtEx',
'GetWindowExtEx',
'GetTextExtentPoint32W',
'GetTextExtentExPointW',
'CreateFontW',
'GetDeviceCaps',
'DeleteObject',
'SetDIBColorTable',
'CreateDIBSection',
'AlphaBlend',
'ClosePrinter',
'DocumentPropertiesW',
'OpenPrinterW',
'RegSetValueExW',
'RegQueryValueW',
'RegEnumKeyW',
'RegDeleteKeyW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegCreateKeyExW',
'RegOpenKeyW',
'Shell_NotifyIconW',
'InitCommonControlsEx',
'PathFindFileNameW',
'PathFindExtensionW',
'CreateStreamOnHGlobal',
'CoUninitialize',
'CoInitializeEx',
'CoCreateInstance',
'CoFreeUnusedLibrariesEx',
'CoTaskMemFree',
'VariantClear',
'VariantChangeType',
'VariantInit',
'GdipCreateBitmapFromScan0',
'GdipGetImageHeight',
'GdipGetImageWidth',
'GdipGetImagePaletteSize',
'GdipDrawImageRectI',
'GdipCreateBitmapFromStream',
'GdipSetInterpolationMode',
'GdipGetImagePalette',
'GdipAlloc',
'GdipCreateFromHDC',
'GdipCloneImage',
'GdiplusStartup',
'GdiplusShutdown',
'GdipBitmapLockBits',
'GdipFree',
'GdipDisposeImage',
'GdipBitmapUnlockBits',
'GdipDeleteGraphics',
'GdipGetImagePixelFormat',
'GdipDrawImageI',
'GdipGetImageGraphicsContext'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 342,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 161456,
'StackReserveSize': 1048576,
'filename': './data/malware/22d47a69e5a223b6afb8eec6b893c780048cc0c4ce950a306ba8fe54caa1b0f7'},
'236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3': {'AddressOfEntryPoint': 57096,
'DebugRVA': 87024,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 86016,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'COMCTL32.dll': 'InitCommonControlsEx',
'KERNEL32.dll': 'HeapSize',
'USER32.dll': 'SendMessageA'},
'ImportedFunctions': ['InitCommonControlsEx',
'GetStartupInfoA',
'LocalFree',
'RemoveDirectoryA',
'GetExitCodeProcess',
'WaitForSingleObject',
'CreateProcessA',
'SetProcessWorkingSetSize',
'GetCurrentProcess',
'GetSystemDirectoryA',
'CreateDirectoryA',
'GetTickCount',
'DeleteFileA',
'CloseHandle',
'GetLastError',
'CreateMutexA',
'GetCurrentProcessId',
'GetModuleFileNameA',
'GetTempPathA',
'LocalAlloc',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceA',
'FreeResource',
'SetFileAttributesA',
'SetFileTime',
'LocalFileTimeToFileTime',
'DosDateTimeToFileTime',
'CreateFileA',
'GetProcAddress',
'GetModuleHandleA',
'SetStdHandle',
'GetLocalTime',
'GetStringTypeW',
'GetStringTypeA',
'HeapReAlloc',
'GetLocaleInfoA',
'HeapFree',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetFileType',
'MultiByteToWideChar',
'ReadFile',
'WriteFile',
'WideCharToMultiByte',
'GetConsoleCP',
'GetConsoleMode',
'SetFilePointer',
'GetCommandLineA',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSetInformation',
'HeapCreate',
'FlushFileBuffers',
'RtlUnwindEx',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'GetStdHandle',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'SetHandleCount',
'SetEndOfFile',
'GetProcessHeap',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'HeapSize',
'GetSystemMetrics',
'CreateWindowExA',
'ShowWindow',
'UpdateWindow',
'DestroyWindow',
'SendMessageA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 102,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 71166312,
'SectionNames': {'.data\x00\x00\x00': 8192,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 13312,
'.rsrc\x00\x00\x00': 71166464,
'.text\x00\x00\x00': 80896},
'StackReserveSize': 1048576,
'filename': './data/malware/236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3'},
'237f2e44426612eb410b1656547ca36ba608f653911c18d3bdd5377774007053': {'AddressOfEntryPoint': 27536,
'DebugRVA': 78512,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 77824,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'VirtualProtect',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA'},
'ImportedFunctions': ['SetupDiCreateDeviceInfoA',
'SetupDiEnumDeviceInfo',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiCreateDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiGetClassDevsA',
'SetupDiDestroyDeviceInfoList',
'UpdateDriverForPlugAndPlayDevicesA',
'FreeEnvironmentStringsA',
'LCMapStringW',
'LCMapStringA',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'lstrcmpiA',
'LocalAlloc',
'LocalFree',
'GetLastError',
'lstrlenA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'DeleteCriticalSection',
'EnterCriticalSection',
'Sleep',
'InitializeCriticalSection',
'LeaveCriticalSection',
'MultiByteToWideChar',
'GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'GetCPInfo',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'HeapSize',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'TlsAlloc',
'SetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'HeapSetInformation',
'HeapCreate',
'FlushFileBuffers',
'SetFilePointer',
'CloseHandle',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'LoadLibraryA',
'GetACP',
'GetOEMCP',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'ReadFile',
'SetStdHandle',
'VirtualProtect'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 83,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'StackReserveSize': 1048576,
'filename': './data/malware/237f2e44426612eb410b1656547ca36ba608f653911c18d3bdd5377774007053'},
'23a2dcffda0de0bc85eb46b8705b6533f9f0103e3d707ac729a2936235713339': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 29048,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 29184,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/23a2dcffda0de0bc85eb46b8705b6533f9f0103e3d707ac729a2936235713339'},
'23b091fc7652eb5680b2fa4373a36e8a640ddb6e555c33af29f2842e10912581': {'AddressOfEntryPoint': 86024,
'DebugRVA': 73888,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 73728,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'storport.sys': 'ScsiPortNotification'},
'ImportedFunctions': ['StorPortGetBusData',
'StorPortGetScatterGatherList',
'StorPortDeviceReady',
'StorPortGetDeviceBase',
'StorPortLogError',
'StorPortSetBusDataByOffset',
'StorPortNotification',
'StorPortGetPhysicalAddress',
'StorPortInitialize',
'StorPortCompleteRequest',
'StorPortReady',
'StorPortGetUncachedExtension',
'StorPortDeviceBusy',
'StorPortStallExecution',
'StorPortDebugPrint',
'ScsiPortNotification',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 17,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 992,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 66560,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/23b091fc7652eb5680b2fa4373a36e8a640ddb6e555c33af29f2842e10912581'},
'23c28ba9209fbf0ef195a29be1ff95e24eda60aac980e2cb042d036f59c844c9': {'AddressOfEntryPoint': 1074783937,
'DebugRVA': 743984,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 986736,
'ExportSize': 310,
'IATRVA': 741376,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RevertToSelf',
'KERNEL32.dll': 'GetProcAddress',
'USER32.dll': 'RegisterClassExW',
'USERENV.dll': 'CreateEnvironmentBlock',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINMM.dll': 'timeBeginPeriod',
'WS2_32.dll': 'socket'},
'ImportedFunctions': ['VirtualProtect',
'GetTickCount',
'TerminateProcess',
'EnterCriticalSection',
'LeaveCriticalSection',
'SetInformationJobObject',
'WaitForSingleObject',
'SetLastError',
'GetLastError',
'InitializeCriticalSection',
'TerminateJobObject',
'GetQueuedCompletionStatus',
'SetEvent',
'ResetEvent',
'DuplicateHandle',
'GetCurrentThreadId',
'CreateThread',
'CreateEventW',
'CreateIoCompletionPort',
'DeleteCriticalSection',
'PostQueuedCompletionStatus',
'SignalObjectAndWait',
'SetHandleInformation',
'GetProcessHandleCount',
'VirtualFree',
'LocalFree',
'FreeLibrary',
'LoadLibraryW',
'WriteProcessMemory',
'MapViewOfFile',
'CreateFileMappingW',
'VirtualQueryEx',
'GetExitCodeProcess',
'GetThreadContext',
'AssignProcessToJobObject',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'VirtualFreeEx',
'VirtualProtectEx',
'GetFileAttributesW',
'CreateFileW',
'QueryDosDeviceW',
'CreateJobObjectW',
'CreateMutexW',
'GetCurrentProcessId',
'CreateNamedPipeW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'lstrlenW',
'VirtualQuery',
'ReadProcessMemory',
'GetCurrentDirectoryW',
'ReleaseMutex',
'SetFilePointer',
'WriteFile',
'OutputDebugStringA',
'FormatMessageA',
'MultiByteToWideChar',
'WideCharToMultiByte',
'ExpandEnvironmentStringsW',
'SetEnvironmentVariableW',
'GetUserDefaultLangID',
'RaiseException',
'IsDebuggerPresent',
'SetThreadPriority',
'GetStdHandle',
'OpenProcess',
'HeapSetInformation',
'GetSystemInfo',
'ReadFile',
'GetSystemTimeAsFileTime',
'GetNativeSystemInfo',
'GetVersionExW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'SystemTimeToFileTime',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'UnmapViewOfFile',
'SwitchToThread',
'SetCurrentDirectoryW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'VirtualAlloc',
'InitializeCriticalSectionAndSpinCount',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'TlsAlloc',
'GetSystemPowerStatus',
'RtlCaptureStackBackTrace',
'GetCurrentThread',
'SetEndOfFile',
'FlushFileBuffers',
'GetFileInformationByHandle',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'WaitForMultipleObjects',
'ReleaseSemaphore',
'RtlCaptureContext',
'CreateSemaphoreW',
'WaitNamedPipeW',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'GetUserDefaultLCID',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'HeapFree',
'GetStartupInfoW',
'LoadLibraryA',
'HeapAlloc',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'GetFileType',
'HeapReAlloc',
'GetProcessHeap',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetModuleFileNameA',
'HeapCreate',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'EnumSystemLocalesA',
'IsValidLocale',
'GetLocaleInfoW',
'CreateFileA',
'GetCurrentDirectoryA',
'GetDriveTypeA',
'GetFullPathNameA',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'RemoveVectoredExceptionHandler',
'AddVectoredExceptionHandler',
'SuspendThread',
'ConnectNamedPipe',
'CancelIo',
'GetNamedPipeInfo',
'GetEnvironmentVariableA',
'GetUserDefaultUILanguage',
'LocalAlloc',
'MapViewOfFileEx',
'GetSystemTime',
'lstrlenA',
'PeekNamedPipe',
'DisconnectNamedPipe',
'GetNamedPipeHandleStateW',
'OpenThread',
'SetThreadContext',
'FlushInstructionCache',
'ExitThread',
'FindFirstFileA',
'VirtualAllocEx',
'ResumeThread',
'GetModuleHandleW',
'GetCurrentProcess',
'GetLongPathNameW',
'GetModuleFileNameW',
'QueueUserWorkItem',
'GetTempPathW',
'GetEnvironmentVariableW',
'GetCommandLineW',
'CreateProcessW',
'CloseHandle',
'SetUnhandledExceptionFilter',
'ExitProcess',
'Sleep',
'GetModuleHandleA',
'GetProcAddress',
'PostQuitMessage',
'CallMsgFilterW',
'TranslateMessage',
'DispatchMessageW',
'MsgWaitForMultipleObjectsEx',
'GetQueueStatus',
'PeekMessageW',
'WaitMessage',
'SetTimer',
'KillTimer',
'PostMessageW',
'WaitForInputIdle',
'wsprintfW',
'CharUpperW',
'GetUserObjectInformationW',
'GetThreadDesktop',
'SetProcessWindowStation',
'CreateDesktopW',
'GetProcessWindowStation',
'CreateWindowStationW',
'CloseDesktop',
'MessageBoxW',
'CloseWindowStation',
'UnregisterClassW',
'DestroyWindow',
'DefWindowProcW',
'CreateWindowExW',
'RegisterClassExW',
'SetSecurityInfo',
'RegDisablePredefinedCache',
'RegOpenKeyExW',
'RegCloseKey',
'GetSecurityDescriptorSacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetTokenInformation',
'GetLengthSid',
'ConvertStringSidToSidW',
'SetThreadToken',
'CreateProcessAsUserW',
'RegCreateKeyExW',
'CreateRestrictedToken',
'DuplicateTokenEx',
'DuplicateToken',
'EqualSid',
'LookupPrivilegeValueW',
'CopySid',
'CreateWellKnownSid',
'GetSecurityInfo',
'GetTokenInformation',
'OpenProcessToken',
'SetEntriesInAclW',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'RegEnumKeyExW',
'RegDeleteValueW',
'RegSetValueExW',
'ConvertSidToStringSidW',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'GetTraceLoggerHandle',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'TraceEvent',
'RevertToSelf',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeEndPeriod',
'timeGetTime',
'timeGetDevCaps',
'timeBeginPeriod',
'accept',
'listen',
'bind',
'setsockopt',
'htonl',
'WSAStartup',
'htons',
'ntohs',
'WSACleanup',
'gethostbyname',
'shutdown',
'select',
'send',
'recv',
'closesocket',
'socket'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 288,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 1504,
'SectionNames': {'.data\x00\x00\x00': 15360,
'.pdata\x00\x00': 39936,
'.rdata\x00\x00': 245760,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 735744,
'.tls\x00\x00\x00\x00': 512,
'data\x00\x00\x00\x00': 8704,
'text\x00\x00\x00\x00': 1536,
'}\x00\x10\x00oc\x00\x00': 11776},
'StackReserveSize': 1048576,
'filename': './data/malware/23c28ba9209fbf0ef195a29be1ff95e24eda60aac980e2cb042d036f59c844c9'},
'23cafd6f0772e7ed7a71251a1aded64f474261809e423d50e543e35271b9b0e9': {'AddressOfEntryPoint': 183812,
'DebugRVA': 315008,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 311296,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyA',
'COMDLG32.dll': 'GetFileTitleA',
'GDI32.dll': 'ExtTextOutA',
'KERNEL32.dll': 'GlobalGetAtomNameA',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'Shell_NotifyIconA',
'SHLWAPI.dll': 'StrStrIA',
'USER32.dll': 'RegisterClassA',
'WINSPOOL.DRV': 'DocumentPropertiesA',
'WTSAPI32.dll': 'WTSRegisterSessionNotification',
'ole32.dll': 'CoRegisterMessageFilter'},
'ImportedFunctions': ['WTSRegisterSessionNotification',
'RegOpenKeyExA',
'RegCloseKey',
'RegCreateKeyExA',
'RegSetValueExA',
'RegQueryValueExA',
'GetNamedSecurityInfoA',
'SetEntriesInAclA',
'SetNamedSecurityInfoA',
'AllocateAndInitializeSid',
'FreeSid',
'RegEnumKeyA',
'RegOpenKeyA',
'RegQueryValueA',
'RegDeleteKeyA',
'CreateFileA',
'GetModuleHandleW',
'SetErrorMode',
'GetTickCount',
'GetFileAttributesA',
'GetFileSizeEx',
'GetFileTime',
'GetCommandLineA',
'GetStartupInfoA',
'HeapAlloc',
'HeapFree',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'Sleep',
'ExitProcess',
'ExitThread',
'CreateThread',
'HeapReAlloc',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'HeapQueryInformation',
'HeapSize',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetACP',
'IsValidCodePage',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'GetFullPathNameA',
'GetSystemTimeAsFileTime',
'InitializeCriticalSectionAndSpinCount',
'GetTimeZoneInformation',
'GetDriveTypeA',
'GetStringTypeA',
'GetStringTypeW',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringA',
'LCMapStringW',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CompareStringW',
'SetEnvironmentVariableA',
'OpenMutexA',
'CreateMutexA',
'SetPriorityClass',
'GetCurrentProcess',
'InitializeCriticalSection',
'WTSGetActiveConsoleSessionId',
'GetVersionExA',
'EnterCriticalSection',
'LeaveCriticalSection',
'CreateEventA',
'SetThreadPriority',
'SetEvent',
'LoadLibraryA',
'GetProcAddress',
'GetUserDefaultUILanguage',
'WaitForMultipleObjects',
'CloseHandle',
'SetCurrentDirectoryA',
'WideCharToMultiByte',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceA',
'OpenEventA',
'DeleteCriticalSection',
'FreeLibrary',
'GetWindowsDirectoryA',
'LocalFree',
'FreeResource',
'QueryPerformanceCounter',
'GlobalFree',
'GlobalUnlock',
'GlobalLock',
'lstrlenA',
'GetModuleHandleA',
'lstrcmpW',
'MultiByteToWideChar',
'SetLastError',
'GetLastError',
'CompareStringA',
'GlobalDeleteAtom',
'GlobalFindAtomA',
'GetVolumeInformationA',
'DuplicateHandle',
'GetFileSize',
'SetEndOfFile',
'UnlockFile',
'LockFile',
'FlushFileBuffers',
'SetFilePointer',
'WriteFile',
'ReadFile',
'GetThreadLocale',
'GetCurrentDirectoryA',
'WritePrivateProfileStringA',
'GetOEMCP',
'GetCPInfo',
'TlsFree',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'TlsGetValue',
'GlobalAddAtomA',
'LocalAlloc',
'GlobalFlags',
'FindFirstFileA',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'FindNextFileA',
'FindClose',
'GetModuleFileNameW',
'FormatMessageA',
'MulDiv',
'GetCurrentProcessId',
'SuspendThread',
'WaitForSingleObject',
'ResumeThread',
'GetCurrentThread',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'lstrcmpA',
'GlobalAlloc',
'GetCurrentThreadId',
'GlobalGetAtomNameA',
'MessageBeep',
'CharUpperA',
'UnregisterClassA',
'RegisterClipboardFormatA',
'PostThreadMessageA',
'EndPaint',
'BeginPaint',
'GetWindowDC',
'ReleaseDC',
'GetDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'GetWindowThreadProcessId',
'GetMessageA',
'TranslateMessage',
'ValidateRect',
'SetWindowContextHelpId',
'MapDialogRect',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapA',
'ModifyMenuA',
'GetMenuState',
'EnableMenuItem',
'CheckMenuItem',
'WinHelpA',
'IsChild',
'GetCapture',
'SetWindowsHookExA',
'CallNextHookEx',
'GetClassLongA',
'GetClassLongPtrA',
'GetNextDlgGroupItem',
'GetPropA',
'RemovePropA',
'GetLastActivePopup',
'DispatchMessageA',
'GetTopWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageA',
'MapWindowPoints',
'TrackPopupMenu',
'GetKeyState',
'SetMenu',
'IsWindowVisible',
'UpdateWindow',
'GetMenuItemID',
'GetMenuItemCount',
'MessageBoxA',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'GetSysColor',
'AdjustWindowRectEx',
'EqualRect',
'CopyRect',
'PtInRect',
'DefWindowProcA',
'CallWindowProcA',
'GetMenu',
'OffsetRect',
'IntersectRect',
'GetWindowPlacement',
'GetWindowRect',
'GetFocus',
'SetWindowPos',
'SetFocus',
'ShowWindow',
'MoveWindow',
'SetWindowLongA',
'GetDlgCtrlID',
'SetWindowTextA',
'IsDialogMessageA',
'ReleaseCapture',
'SetCapture',
'InvalidateRgn',
'InvalidateRect',
'SetRect',
'IsRectEmpty',
'CopyAcceleratorTableA',
'CharNextA',
'GetSysColorBrush',
'DestroyMenu',
'SetPropA',
'SendDlgItemMessageA',
'GetDesktopWindow',
'GetActiveWindow',
'SetActiveWindow',
'CreateDialogIndirectParamA',
'DestroyWindow',
'IsWindow',
'GetWindowLongA',
'GetDlgItem',
'IsWindowEnabled',
'GetParent',
'GetNextDlgTabItem',
'EndDialog',
'GetWindow',
'GetWindowTextA',
'SystemParametersInfoA',
'SetForegroundWindow',
'GetSubMenu',
'LoadMenuA',
'PostMessageA',
'GetClassNameA',
'GetForegroundWindow',
'LoadCursorA',
'KillTimer',
'DrawIcon',
'GetClientRect',
'GetSystemMetrics',
'IsIconic',
'SetTimer',
'SendMessageA',
'PostQuitMessage',
'LoadIconA',
'RegisterWindowMessageA',
'EnableWindow',
'SetCursor',
'GetCursorPos',
'RegisterClassA',
'SaveDC',
'RestoreDC',
'SetMapMode',
'DeleteObject',
'GetViewportExtEx',
'GetWindowExtEx',
'PtVisible',
'RectVisible',
'TextOutA',
'CreateBitmap',
'Escape',
'SelectObject',
'SetViewportOrgEx',
'OffsetViewportOrgEx',
'SetViewportExtEx',
'SetWindowExtEx',
'ScaleWindowExtEx',
'ExtSelectClipRgn',
'DeleteDC',
'GetStockObject',
'GetBkColor',
'GetTextColor',
'CreateRectRgnIndirect',
'GetRgnBox',
'GetMapMode',
'ScaleViewportExtEx',
'GetDeviceCaps',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'ExtTextOutA',
'GetFileTitleA',
'OpenPrinterA',
'ClosePrinter',
'DocumentPropertiesA',
'ShellExecuteExA',
'Shell_NotifyIconA',
'PathFindExtensionA',
'PathFindFileNameA',
'PathStripToRootA',
'PathIsUNCA',
'StrStrIA',
'CoRevokeClassObject',
'OleInitialize',
'CoFreeUnusedLibraries',
'OleUninitialize',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoGetClassObject',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'CLSIDFromProgID',
'OleIsCurrentClipboard',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'SysStringLen',
'VariantCopy',
'SysAllocString',
'SafeArrayDestroy',
'SystemTimeToVariantTime',
'VariantTimeToSystemTime',
'OleCreateFontIndirect',
'SysAllocStringByteLen',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SysAllocStringLen',
'SysFreeString'],
'LinkerVersion': 9,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 368,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 181608,
'SectionNames': {'.data\x00\x00\x00': 13824,
'.pdata\x00\x00': 21504,
'.rdata\x00\x00': 108032,
'.reloc\x00\x00': 12800,
'.rsrc\x00\x00\x00': 181760,
'.text\x00\x00\x00': 305152},
'StackReserveSize': 1048576,
'filename': './data/malware/23cafd6f0772e7ed7a71251a1aded64f474261809e423d50e543e35271b9b0e9'},
'241d986b7b36353853127986de8d4687eec42b9c39bad2824c90ab4f18cc4961': {'AddressOfEntryPoint': 113072,
'DebugRVA': 182672,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyW',
'COMCTL32.dll': '_TrackMouseEvent',
'GDI32.dll': 'SelectObject',
'KERNEL32.dll': 'WriteConsoleW',
'OLEAUT32.dll': 'VarUI4FromStr',
'PSAPI.DLL': 'GetModuleFileNameExW',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'SHChangeNotify',
'SHLWAPI.dll': 'SHDeleteEmptyKeyW',
'USER32.dll': 'EnableWindow',
'VERSION.dll': 'GetFileVersionInfoW',
'imagehlp.dll': 'BindImageEx',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['GetFileVersionInfoSizeW',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetModuleFileNameExW',
'BindImageEx',
'UuidCreate',
'GetTempFileNameW',
'LoadLibraryW',
'GetCommandLineW',
'RaiseException',
'GetProcAddress',
'SetEvent',
'DeleteCriticalSection',
'RemoveDirectoryW',
'FreeLibrary',
'FindFirstFileW',
'CreateThread',
'WideCharToMultiByte',
'MulDiv',
'lstrcmpW',
'GetVersionExW',
'DeleteFileW',
'FlushInstructionCache',
'FindNextFileW',
'CreateDirectoryW',
'FindClose',
'CreateMutexW',
'GetPrivateProfileStringW',
'GetLastError',
'GetPrivateProfileIntW',
'CloseHandle',
'GetPrivateProfileSectionW',
'MultiByteToWideChar',
'EnterCriticalSection',
'CreateEventW',
'InitializeCriticalSection',
'GetModuleHandleW',
'CreateFileMappingW',
'WaitForMultipleObjects',
'SetLastError',
'GetSystemInfo',
'MoveFileExW',
'GetWindowsDirectoryW',
'GetDriveTypeW',
'DuplicateHandle',
'GetSystemDirectoryW',
'GetDiskFreeSpaceExW',
'GetCurrentProcess',
'GetCurrentDirectoryW',
'CreateProcessW',
'LockResource',
'WaitForSingleObject',
'lstrlenW',
'MapViewOfFile',
'ReadFile',
'FindResourceExW',
'LeaveCriticalSection',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'SetFilePointer',
'LoadLibraryA',
'SetCurrentDirectoryW',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'GetStartupInfoA',
'GetFileType',
'SetHandleCount',
'GetCommandLineA',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'IsValidCodePage',
'GetOEMCP',
'GetCPInfo',
'GetModuleFileNameA',
'GetStdHandle',
'RtlPcToFileHeader',
'HeapCreate',
'HeapSetInformation',
'ExitProcess',
'Sleep',
'FlsAlloc',
'FlsFree',
'TlsFree',
'FlsSetValue',
'FlsGetValue',
'GetModuleHandleA',
'RtlCaptureContext',
'IsDebuggerPresent',
'UnhandledExceptionFilter',
'TerminateProcess',
'RtlUnwindEx',
'GetStartupInfoW',
'InterlockedPopEntrySList',
'VirtualAlloc',
'VirtualFree',
'InterlockedPushEntrySList',
'GetProcessHeap',
'HeapSize',
'HeapReAlloc',
'HeapFree',
'GetStringTypeA',
'HeapAlloc',
'HeapDestroy',
'GetVersionExA',
'GetThreadLocale',
'GetLocaleInfoA',
'GetACP',
'LocalFree',
'GetTempPathW',
'GetExitCodeProcess',
'UnmapViewOfFile',
'LoadLibraryExW',
'SetStdHandle',
'SetUnhandledExceptionFilter',
'CompareStringW',
'FindResourceW',
'GetCurrentProcessId',
'CopyFileW',
'GetFileSize',
'LoadResource',
'OpenMutexW',
'WriteFile',
'lstrcpyW',
'GetModuleFileNameW',
'Process32NextW',
'GetCurrentThreadId',
'SizeofResource',
'lstrlenA',
'lstrcmpiW',
'CreateFileW',
'GetConsoleCP',
'GetConsoleMode',
'CreateFileA',
'LCMapStringA',
'LCMapStringW',
'FlushFileBuffers',
'GetStringTypeW',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'ExitWindowsEx',
'SetCursor',
'GetSysColor',
'GetCursorPos',
'FillRect',
'UnregisterClassA',
'IsWindow',
'CreateDialogParamW',
'CallWindowProcW',
'DialogBoxParamW',
'SendMessageW',
'DestroyWindow',
'UpdateWindow',
'WaitForInputIdle',
'GetSystemMetrics',
'MessageBoxW',
'LoadImageW',
'DispatchMessageW',
'GetSysColorBrush',
'LoadBitmapW',
'TranslateMessage',
'GetNextDlgTabItem',
'IsWindowEnabled',
'SetDlgItemTextW',
'PeekMessageW',
'DrawTextW',
'SetFocus',
'GetWindow',
'SetWindowPos',
'MsgWaitForMultipleObjects',
'GetClassNameW',
'SetWindowTextW',
'SetCapture',
'CharNextW',
'LoadCursorW',
'OffsetRect',
'SetRectEmpty',
'KillTimer',
'ScreenToClient',
'SetWindowLongW',
'GetFocus',
'GetCapture',
'ShowWindow',
'ReleaseCapture',
'SetTimer',
'GetMessagePos',
'GetClientRect',
'DrawFocusRect',
'EndDialog',
'DefWindowProcW',
'GetWindowTextW',
'ReleaseDC',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'GetWindowTextLengthW',
'GetParent',
'BeginPaint',
'InvalidateRect',
'GetDlgCtrlID',
'GetDC',
'GetActiveWindow',
'CreateWindowExW',
'GetDlgItem',
'EndPaint',
'PtInRect',
'GetWindowRect',
'GetWindowLongW',
'MessageBeep',
'EnableWindow',
'CreateFontIndirectW',
'GetStockObject',
'DeleteObject',
'GetObjectW',
'SetBkMode',
'SetTextColor',
'SetBkColor',
'GetDeviceCaps',
'SelectObject',
'CloseServiceHandle',
'AdjustTokenPrivileges',
'UnlockServiceDatabase',
'RegSetValueExW',
'LookupPrivilegeValueW',
'LockServiceDatabase',
'OpenProcessToken',
'RegQueryValueExW',
'OpenSCManagerW',
'RegCloseKey',
'RegOpenKeyExW',
'RegCreateKeyExW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegQueryInfoKeyW',
'RegDeleteKeyW',
'SHCreateDirectoryExW',
'ShellExecuteW',
'CommandLineToArgvW',
'SHGetSpecialFolderPathW',
'SHBrowseForFolderW',
'SHGetMalloc',
'SHGetPathFromIDListW',
'SHChangeNotify',
'CLSIDFromString',
'OleUninitialize',
'StringFromCLSID',
'OleInitialize',
'CoTaskMemAlloc',
'CoTaskMemRealloc',
'CoTaskMemFree',
'CoCreateInstance',
'VarUI4FromStr',
'PathAddBackslashW',
'PathGetCharTypeW',
'SHDeleteKeyW',
'SHDeleteEmptyKeyW',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_AddMasked',
'_TrackMouseEvent'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 264,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 231448,
'StackReserveSize': 1048576,
'filename': './data/malware/241d986b7b36353853127986de8d4687eec42b9c39bad2824c90ab4f18cc4961'},
'242335f7306a747874d99734e86f4cbf9b90cd6af0ff6ad4cdc1c6d1716d89a9': {'AddressOfEntryPoint': 3221545949,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 325624,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'SetHandleCount',
'OLEAUT32.dll': 'CreateErrorInfo',
'USER32.dll': 'KillTimer',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['lstrlenW',
'GetLastError',
'lstrlenA',
'IsDBCSLeadByte',
'lstrcmpiA',
'DeleteCriticalSection',
'InitializeCriticalSection',
'lstrcatA',
'lstrcpynA',
'GetModuleFileNameA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'SizeofResource',
'LoadResource',
'FindResourceA',
'LoadLibraryExA',
'CloseHandle',
'WaitForSingleObject',
'CreateEventA',
'CreateThread',
'Sleep',
'WaitForMultipleObjects',
'WideCharToMultiByte',
'GetCurrentThreadId',
'GetCommandLineA',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'SetConsoleCtrlHandler',
'SetEnvironmentVariableA',
'CompareStringW',
'CompareStringA',
'GetLocaleInfoW',
'GetTimeZoneInformation',
'FlushFileBuffers',
'LCMapStringW',
'LCMapStringA',
'GetStringTypeW',
'GetStringTypeA',
'IsValidCodePage',
'IsValidLocale',
'EnumSystemLocalesA',
'GetLocaleInfoA',
'MultiByteToWideChar',
'__C_specific_handler',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'GetVersionExA',
'CompareFileTime',
'OutputDebugStringA',
'lstrcpyA',
'CreateMutexA',
'GetUserDefaultLCID',
'GetTimeFormatA',
'GetDateFormatA',
'SetStdHandle',
'IsBadCodePtr',
'GetCPInfo',
'GetOEMCP',
'GetACP',
'SetFilePointer',
'GetFileType',
'ExitProcess',
'HeapReAlloc',
'HeapDestroy',
'HeapCreate',
'HeapSetInformation',
'EnterCriticalSection',
'FatalAppExitA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'LocalFree',
'RtlUnwindEx',
'IsBadWritePtr',
'IsBadReadPtr',
'HeapValidate',
'DebugBreak',
'GetStdHandle',
'WriteFile',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'TlsAlloc',
'SetLastError',
'GetCurrentThread',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetModuleHandleA',
'LeaveCriticalSection',
'SetHandleCount',
'EnumDisplaySettingsA',
'CharNextA',
'PostThreadMessageA',
'ChangeDisplaySettingsExA',
'ChangeDisplaySettingsA',
'PostMessageA',
'SendNotifyMessageA',
'FindWindowA',
'CharPrevA',
'RegisterClassA',
'CreateWindowExA',
'DispatchMessageA',
'GetMessageA',
'SetTimer',
'PostQuitMessage',
'RegisterWindowMessageA',
'DefWindowProcA',
'KillTimer',
'RegQueryInfoKeyA',
'RegEnumValueA',
'RegDeleteValueA',
'RegOpenKeyExA',
'RegEnumKeyExA',
'RegDeleteKeyA',
'RegSetValueExA',
'RegQueryValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'CoCreateInstance',
'CoRevokeClassObject',
'CoRegisterClassObject',
'CoTaskMemFree',
'CoTaskMemAlloc',
'CoTaskMemRealloc',
'CoSuspendClassObjects',
'CoUninitialize',
'CoInitialize',
'SysStringLen',
'RegisterTypeLib',
'LoadTypeLib',
'VarUI4FromStr',
'SysFreeString',
'SysAllocString',
'GetErrorInfo',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SetErrorInfo',
'CreateErrorInfo'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 156,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 3984,
'StackReserveSize': 1048576,
'filename': './data/malware/242335f7306a747874d99734e86f4cbf9b90cd6af0ff6ad4cdc1c6d1716d89a9'},
'2444a501dccaf6f2dd85102fa014e41d9bde5f0d20267084c37ccdd99b21d9b3': {'AddressOfEntryPoint': 766848,
'DebugRVA': 152992,
'DebugSize': 28,
'Dll': 128,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 151552,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 992,
'SectionNames': {'.data\x00\x00\x00': 155136,
'.pdata\x00\x00': 4096,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 147456,
'INIT\x00\x00\x00\x00': 8704,
'PAGE\x00\x00\x00\x00': 512},
'StackReserveSize': 262144,
'filename': './data/malware/2444a501dccaf6f2dd85102fa014e41d9bde5f0d20267084c37ccdd99b21d9b3'},
'24d88bd850dc75992c0facd5091db956aa95c42c8296e7bf9ef0dbd115cdf410': {'AddressOfEntryPoint': 103394,
'DebugRVA': 4880,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'KERNEL32.dll': 'FlushFileBuffers',
'OLEAUT32.dll': 'SysAllocString',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['GetLocalTime',
'Sleep',
'OutputDebugStringW',
'GetVersionExW',
'CreateFileW',
'CloseHandle',
'WriteConsoleW',
'SetStdHandle',
'VirtualQuery',
'GetSystemInfo',
'SetThreadStackGuarantee',
'VirtualAlloc',
'VirtualProtect',
'GetCommandLineA',
'GetLastError',
'HeapFree',
'RaiseException',
'RtlPcToFileHeader',
'HeapAlloc',
'SetUnhandledExceptionFilter',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsFree',
'SetLastError',
'FlsSetValue',
'FlsGetValue',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'EnterCriticalSection',
'LeaveCriticalSection',
'OutputDebugStringA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'HeapReAlloc',
'HeapSize',
'InitializeCriticalSectionAndSpinCount',
'LoadLibraryW',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'CoCreateInstance',
'CoUninitialize',
'CoInitialize',
'SafeArrayUnaccessData',
'SysFreeString',
'VariantInit',
'SafeArrayCreate',
'VariantClear',
'SafeArrayAccessData',
'SysAllocString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 81,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1464,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 3072,
'.reloc\x00\x00': 5120,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 72704},
'StackReserveSize': 524288,
'filename': './data/malware/24d88bd850dc75992c0facd5091db956aa95c42c8296e7bf9ef0dbd115cdf410'},
'24de8cd24631271add833dc11b601d46f2de5f4e5d7380fcaaff0aa28d544756': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 347408,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 347648,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/24de8cd24631271add833dc11b601d46f2de5f4e5d7380fcaaff0aa28d544756'},
'24f3521bafd4747a082fa64043c4c362a16c1612a4b076d1fa146c2ef71939e5': {'AddressOfEntryPoint': 5220,
'DebugRVA': 4480,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['GetLastError',
'CloseHandle',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetExitCodeProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetSystemDirectoryW',
'WaitForSingleObject',
'ExitProcess',
'CreateProcessW',
'GetCommandLineW',
'TerminateProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'LoadResource',
'HeapAlloc',
'HeapFree',
'CreateDirectoryW',
'GetProcessHeap',
'WriteFile',
'SizeofResource',
'CreateFileW',
'GetCurrentDirectoryW',
'LockResource',
'SetCurrentDirectoryW',
'DeleteFileW',
'SetFileAttributesW',
'RegOpenKeyExW',
'RegSetValueExW',
'RegCloseKey',
'RegQueryValueExW',
'RegCreateKeyExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 44,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2197008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2197504,
'.text\x00\x00\x00': 6144},
'StackReserveSize': 524288,
'filename': './data/malware/24f3521bafd4747a082fa64043c4c362a16c1612a4b076d1fa146c2ef71939e5'},
'2512ec4c9e7b9fa27df463b70c22867ea87896a68d24854a8f10fc4da1a6bd1b': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/2512ec4c9e7b9fa27df463b70c22867ea87896a68d24854a8f10fc4da1a6bd1b'},
'25680ce9e31c5642bd173d611ac465ca7166f7504d67a58e20fb5e6fd20f875d': {'AddressOfEntryPoint': 74096,
'DebugRVA': 25312,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumKeyA',
'KERNEL32.dll': 'GetModuleFileNameA',
'jli.dll': 'JLI_MemFree',
'msvcrt.dll': '_strnicmp'},
'ImportedFunctions': ['JLI_ExactVersionId',
'JLI_JarUnpackFile',
'JLI_StringDup',
'JLI_ParseManifest',
'JLI_ValidVersionString',
'JLI_AcceptableRelease',
'JLI_FreeManifest',
'JLI_MemAlloc',
'JLI_MemFree',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'RegEnumKeyA',
'_beginthreadex',
'_putenv',
'__C_specific_handler',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'__initenv',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'fflush',
'_errno',
'strerror',
'strchr',
'fgets',
'strcspn',
'strspn',
'strrchr',
'fopen',
'fwrite',
'fread',
'fclose',
'_iob',
'fprintf',
'memset',
'getenv',
'strcmp',
'exit',
'strcpy',
'strcat',
'printf',
'sprintf',
'memcpy',
'strncmp',
'sscanf',
'strlen',
'_access',
'_stat',
'_strnicmp',
'GetLastError',
'CloseHandle',
'FormatMessageA',
'WaitForSingleObject',
'CreateProcessA',
'LocalFree',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'GetExitCodeProcess',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'LoadLibraryA',
'GetProcAddress',
'GetExitCodeThread',
'FreeLibrary',
'GetCommandLineA',
'GetModuleFileNameA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 82,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 2016,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 11776,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 17408,
'dbfgqnm\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/25680ce9e31c5642bd173d611ac465ca7166f7504d67a58e20fb5e6fd20f875d'},
'259486b3ef32096ae8cdecdf20025ca282ff9722be54d71de79f5b36e69b1016': {'AddressOfEntryPoint': 51968,
'DebugRVA': 54848,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 53248,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 20152,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 2560,
'.rdata\x00\x00': 13824,
'.rsrc\x00\x00\x00': 20480,
'.text\x00\x00\x00': 49152},
'StackReserveSize': 1048576,
'filename': './data/malware/259486b3ef32096ae8cdecdf20025ca282ff9722be54d71de79f5b36e69b1016'},
'25b03b6520ebb0d532111143b88a4271ba0cdb3beb485b2980d7dc5d92b39fa8': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1022404,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1022464,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/25b03b6520ebb0d532111143b88a4271ba0cdb3beb485b2980d7dc5d92b39fa8'},
'262f4534a3f41a1d00ccab7cb1ca330a6c39204529e650d95bf168d3be52307d': {'AddressOfEntryPoint': 34224,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 5368709120,
'ImageVersion': 2,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteValueA',
'GDI32.dll': 'CreateCompatibleDC',
'KERNEL32.dll': 'FlsGetValue',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'CreateDialogParamA'},
'ImportedFunctions': ['CreateFileA',
'HeapSize',
'HeapReAlloc',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'InitializeCriticalSection',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'LCMapStringW',
'MultiByteToWideChar',
'LCMapStringA',
'FlushFileBuffers',
'MapViewOfFileEx',
'GetConsoleMode',
'GetConsoleCP',
'SetFilePointer',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'HeapCreate',
'HeapSetInformation',
'DeleteCriticalSection',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'WideCharToMultiByte',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'RtlUnwindEx',
'GetModuleFileNameA',
'GetStdHandle',
'WriteFile',
'FlsAlloc',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'ReadProcessMemory',
'CreateMutexA',
'GetLastError',
'CloseHandle',
'LeaveCriticalSection',
'OpenFileMappingA',
'QueryPerformanceFrequency',
'GetSystemDirectoryA',
'GetVersionExA',
'GetCurrentThread',
'SetThreadPriority',
'Sleep',
'UnmapViewOfFile',
'ExitProcess',
'GetModuleHandleA',
'GetCurrentProcess',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetTickCount',
'SwitchToThread',
'EnterCriticalSection',
'SetLastError',
'FlsFree',
'TlsFree',
'FlsSetValue',
'GetCommandLineA',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'EnableWindow',
'GetDlgItemTextA',
'GetCursorPos',
'LoadMenuA',
'GetSubMenu',
'TrackPopupMenu',
'DestroyMenu',
'BeginPaint',
'EndPaint',
'PostQuitMessage',
'GetWindowPlacement',
'SetWindowTextA',
'SendMessageA',
'SetFocus',
'GetDlgItemInt',
'SendDlgItemMessageA',
'DestroyWindow',
'DestroyIcon',
'GetDC',
'ReleaseDC',
'LoadIconA',
'LoadImageA',
'GetSystemMetrics',
'MapVirtualKeyA',
'SetWindowRgn',
'ScreenToClient',
'InvalidateRect',
'UpdateWindow',
'GetWindowRect',
'MoveWindow',
'SetWindowPos',
'MessageBoxA',
'SetWindowsHookExA',
'SetDlgItemInt',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA',
'MsgWaitForMultipleObjectsEx',
'UnhookWindowsHookEx',
'CallNextHookEx',
'GetKeyNameTextA',
'SetDlgItemTextA',
'GetDlgItem',
'PostMessageA',
'ShowWindow',
'SetForegroundWindow',
'GetAsyncKeyState',
'keybd_event',
'CreateDialogParamA',
'SelectObject',
'StretchBlt',
'DeleteDC',
'SetBkMode',
'GetDeviceCaps',
'GetStockObject',
'CreateRoundRectRgn',
'DeleteObject',
'CreateCompatibleDC',
'RegQueryValueExA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegCloseKey',
'RegDeleteValueA',
'ShellExecuteA',
'SHGetMalloc',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 148,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1434816,
'StackReserveSize': 1048576,
'filename': './data/malware/262f4534a3f41a1d00ccab7cb1ca330a6c39204529e650d95bf168d3be52307d'},
'2631aafa045b1953c09502c92f520acecfd0b17a6f059a2e7f10ce77dd3c632e': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/2631aafa045b1953c09502c92f520acecfd0b17a6f059a2e7f10ce77dd3c632e'},
'2691c4a41aad316f6fbfa2224f639edd890e38ebd0593fc1b8a9c2f7bfc4782d': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 77824,
'ExportSize': 12984088,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetVolumeInformationA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryInfoKeyA',
'GetTokenInformation',
'FreeSid',
'RegSetValueExA',
'LookupPrivilegeValueA',
'RegDeleteValueA',
'RegCreateKeyExA',
'AllocateAndInitializeSid',
'EqualSid',
'RegQueryValueExA',
'RegOpenKeyExA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'WritePrivateProfileStringA',
'LocalFree',
'FindFirstFileA',
'_lclose',
'DeleteFileA',
'lstrlenA',
'GetLastError',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetProcAddress',
'_llseek',
'GetWindowsDirectoryA',
'RemoveDirectoryA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'FreeLibrary',
'GetModuleFileNameA',
'FindNextFileA',
'SetFileAttributesA',
'GlobalFree',
'GetCurrentProcess',
'FindClose',
'GetPrivateProfileStringA',
'CompareStringA',
'LoadLibraryA',
'GlobalAlloc',
'GlobalUnlock',
'GlobalLock',
'GetPrivateProfileIntA',
'_lopen',
'GetShortPathNameA',
'LoadLibraryExA',
'ExitProcess',
'CloseHandle',
'GetCurrentDirectoryA',
'WriteFile',
'DosDateTimeToFileTime',
'SetCurrentDirectoryA',
'CreateFileA',
'FindResourceA',
'GetDriveTypeA',
'GetVersionExA',
'SetFilePointer',
'GetVersion',
'FreeResource',
'GetTempPathA',
'GetTempFileNameA',
'CreateThread',
'ResetEvent',
'LocalFileTimeToFileTime',
'CreateDirectoryA',
'TerminateThread',
'LoadResource',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'LockResource',
'WaitForSingleObject',
'CreateProcessA',
'SetEvent',
'ReadFile',
'GetSystemInfo',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'Sleep',
'CreateMutexA',
'lstrcmpA',
'LocalAlloc',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetDeviceCaps',
'CallWindowProcA',
'PeekMessageA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'MessageBoxA',
'SetForegroundWindow',
'SetWindowLongPtrA',
'MsgWaitForMultipleObjects',
'ShowWindow',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'GetWindowLongPtrA',
'SendDlgItemMessageA',
'GetDC',
'SetWindowPos',
'SetDlgItemTextA',
'MessageBeep',
'CharUpperA',
'EndDialog',
'CharNextA',
'GetDesktopWindow',
'ExitWindowsEx',
'CharPrevA',
'LoadStringA',
'ReleaseDC',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 12985100,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 12985344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/2691c4a41aad316f6fbfa2224f639edd890e38ebd0593fc1b8a9c2f7bfc4782d'},
'26c7eabb7226dbeffc544d040e0d83c311c2b40dbd64044994686b37dc2a45e3': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 349732,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 350208,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/26c7eabb7226dbeffc544d040e0d83c311c2b40dbd64044994686b37dc2a45e3'},
'26f557b692a934da20fe12ece8ae586dee70e08b4055f8e8e7715404dfe094d2': {'AddressOfEntryPoint': 101056,
'DebugRVA': 215968,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 281808,
'ExportSize': 3644,
'IATRVA': 212992,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADMIN_CLASS_LIB.dll': '?WriteLogVariable@CLog@@UEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4eSeverity@nsCLog@@PEB_WZZ',
'ADVAPI32.dll': 'RegSetValueExW',
'FingerprintLibrary.dll': 'HTFP_SetSuPwd',
'GDI32.dll': 'ExtTextOutW',
'KERNEL32.dll': 'SizeofResource',
'OLEAUT32.dll': 'GetErrorInfo',
'SHELL32.dll': 'ShellExecuteW',
'SHLWAPI.dll': 'PathFindFileNameW',
'ShowErrMsg.dll': 'ShowErrorMessageEx',
'USER32.dll': 'SetCursor',
'WINSPOOL.DRV': 'ClosePrinter',
'eDSop.dll': 'HTOP_RegisterToWebSite',
'keyManager.dll': 'HTKM_CreateSystemKeyOfTPM',
'ole32.dll': 'CoUninitialize',
'sysenv.dll': 'PathAppendW_s'},
'ImportedFunctions': ['HT_ReadINIFileW',
'HT_ReadINIFileA',
'HT_IsGuestsGroup',
'HT_ReadLangINIFileW',
'HT_ReadLangINIFileEXW',
'HT_WriteLastSPWUseChgTime',
'HT_WriteINIFileA',
'HT_WriteINIFileW',
'PathAppendW_s',
'HTKM_CreateKeyStore',
'HTKM_CreateSystemKeyOfTPM',
'ShowErrorMessage',
'ShowErrorMessageEx',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegDeleteKeyW',
'RegCloseKey',
'RegOpenKeyW',
'RegEnumKeyW',
'RegQueryValueW',
'RegSetValueExW',
'??1CTPMExaminer@@UEAA@XZ',
'?WriteLog@CLog@@UEAAHW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z',
'?WriteLog@CLog@@UEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4eSeverity@nsCLog@@0@Z',
'?AddAppender@CLog@@UEAAHPEAVCLogAppender@@@Z',
'??0CTPMExamination@@QEAA@PEAVCTPMExaminer@@@Z',
'RenameOldPSDFolder',
'??0CPSDInitPSDManager@@QEAA@XZ',
'?CreateNewOrUseExistPSD@CPSDInitPSDManager@@QEAAIXZ',
'??1CPSDInitPSDManager@@UEAA@XZ',
'?WriteLog@CEventLogAppender@@UEAA_NW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z',
'?WriteLog@CFileLogAppender@@UEAA_NW4eSeverity@nsCLog@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z',
'??0CTPMSimpleExaminer@@QEAA@XZ',
'?SetSourceName@CLog@@UEAAAEAV1@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z',
'?WriteLogHex@CLog@@UEAAHW4eSeverity@nsCLog@@PEAEH@Z',
'?WriteLogVariable@CLog@@UEAAHW4eSeverity@nsCLog@@PEB_WZZ',
'?OnNotEnabled@CTPMSimpleExaminer@@UEAAXXZ',
'?OnNotUserInitialized@CTPMSimpleExaminer@@UEAAXXZ',
'?OnNotInitialized@CTPMSimpleExaminer@@UEAAXXZ',
'?OnInitializedAndEnabled@CTPMSimpleExaminer@@UEAAXXZ',
'?ReportErrorMessage@CEDSException@@UEAAXXZ',
'?ReportError@CEDSException@@UEAAHIII@Z',
'??1CRecoverable@@UEAA@XZ',
'??1CLogAppender@@UEAA@XZ',
'??1CFileLogAppender@@UEAA@XZ',
'??1CEventLogAppender@@UEAA@XZ',
'??0CPSDDevice@@QEAA@IK@Z',
'??1CIni@@UEAA@XZ',
'??0CPSDManager@@QEAA@PEB_WI@Z',
'??1CEDSException@@UEAA@XZ',
'??1CTPMSimpleExaminer@@UEAA@XZ',
'?exam@CTPMExamination@@AEAAHXZ',
'?examTPMSysKey@CTPMExamination@@AEAAHXZ',
'??1CTPMExamination@@UEAA@XZ',
'?WriteLogVariable@CLog@@UEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4eSeverity@nsCLog@@PEB_WZZ',
'HTFP_DelFPPwd',
'HTFP_GetFPDeviceStatus',
'HTFP_SetSuPwd',
'HTOP_RegisterToWebSite',
'ReadFile',
'WriteFile',
'SetFilePointer',
'FlushFileBuffers',
'SetEndOfFile',
'GetThreadLocale',
'GetCurrentProcess',
'GlobalFindAtomW',
'CreateFileW',
'lstrlenA',
'SetErrorMode',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'HeapReAlloc',
'HeapSize',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'RtlVirtualUnwind',
'GetLocaleInfoA',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'LoadLibraryA',
'GetVersionExA',
'GetModuleHandleA',
'GlobalFlags',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalAlloc',
'WritePrivateProfileStringW',
'GetCurrentProcessId',
'GlobalAddAtomW',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'GetVersion',
'EnumResourceLanguagesW',
'GetModuleFileNameW',
'lstrcmpA',
'GetLocaleInfoW',
'LoadLibraryW',
'MultiByteToWideChar',
'FreeLibrary',
'GlobalDeleteAtom',
'GetModuleHandleW',
'GetProcAddress',
'SetLastError',
'GlobalFree',
'GlobalAlloc',
'GlobalLock',
'GlobalUnlock',
'lstrlenW',
'CreateProcessW',
'GetExitCodeProcess',
'lstrcmpW',
'GetLocalTime',
'WaitForSingleObject',
'FormatMessageW',
'LocalFree',
'WideCharToMultiByte',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'lstrcmpiW',
'ProcessIdToSessionId',
'WTSGetActiveConsoleSessionId',
'Process32NextW',
'OpenProcess',
'TerminateProcess',
'Sleep',
'GetSystemDirectoryW',
'CloseHandle',
'CreateMutexW',
'GetLastError',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'ShowWindow',
'UnregisterClassW',
'DestroyMenu',
'RemovePropW',
'IsWindow',
'GetForegroundWindow',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'GetMessageTime',
'GetMessagePos',
'MapWindowPoints',
'GetClientRect',
'GetMenu',
'CreateWindowExW',
'GetClassInfoExW',
'GetClassInfoW',
'RegisterClassW',
'AdjustWindowRectEx',
'CopyRect',
'DefWindowProcW',
'CallWindowProcW',
'SetWindowPos',
'SystemParametersInfoA',
'IsIconic',
'GetWindowPlacement',
'GetCapture',
'GrayStringW',
'DrawTextExW',
'DrawTextW',
'TabbedTextOutW',
'ClientToScreen',
'GetWindow',
'GetDlgCtrlID',
'GetWindowRect',
'GetClassNameW',
'PtInRect',
'GetWindowTextW',
'SetWindowTextW',
'UnhookWindowsHookEx',
'LoadCursorW',
'GetSystemMetrics',
'GetDC',
'ReleaseDC',
'GetSysColor',
'GetSysColorBrush',
'GetWindowThreadProcessId',
'GetWindowLongW',
'GetLastActivePopup',
'IsWindowEnabled',
'EnableWindow',
'SetWindowsHookExW',
'CallNextHookEx',
'GetMessageW',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'GetCursorPos',
'RegisterWindowMessageW',
'LoadIconW',
'WinHelpW',
'GetClassLongPtrW',
'ValidateRect',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapW',
'GetFocus',
'GetParent',
'SendMessageW',
'ModifyMenuW',
'EnableMenuItem',
'CheckMenuItem',
'PostMessageW',
'PostQuitMessage',
'GetMenuState',
'GetMenuItemID',
'GetMenuItemCount',
'GetSubMenu',
'MsgWaitForMultipleObjects',
'wsprintfW',
'PeekMessageW',
'TranslateMessage',
'DispatchMessageW',
'SetForegroundWindow',
'MessageBoxW',
'SetPropW',
'GetPropW',
'UnregisterClassA',
'SetCursor',
'SetBkColor',
'RestoreDC',
'SaveDC',
'DeleteObject',
'CreateBitmap',
'GetDeviceCaps',
'Escape',
'SelectObject',
'SetViewportOrgEx',
'OffsetViewportOrgEx',
'SetViewportExtEx',
'ScaleViewportExtEx',
'SetWindowExtEx',
'ScaleWindowExtEx',
'DeleteDC',
'GetStockObject',
'TextOutW',
'RectVisible',
'PtVisible',
'GetClipBox',
'SetMapMode',
'SetTextColor',
'ExtTextOutW',
'ShellExecuteW',
'PathFindExtensionW',
'PathFileExistsW',
'PathFindFileNameW',
'CoInitialize',
'CoCreateInstance',
'OleRun',
'CoTaskMemFree',
'CoTaskMemAlloc',
'CoUninitialize',
'SysAllocString',
'SysFreeString',
'VariantClear',
'VariantChangeType',
'VariantInit',
'GetErrorInfo',
'OpenPrinterW',
'DocumentPropertiesW',
'ClosePrinter'],
'LinkerVersion': 8,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 319,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 448980,
'StackReserveSize': 1048576,
'filename': './data/malware/26f557b692a934da20fe12ece8ae586dee70e08b4055f8e8e7715404dfe094d2'},
'26f6e0023895a06223a91363d56e71f3e23b2ee59809a08d8838b994a1a8c90c': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/26f6e0023895a06223a91363d56e71f3e23b2ee59809a08d8838b994a1a8c90c'},
'2703a38a1b9a8718c9c53984f8ae34fee22d2b9354d369795ef205e90fa6f8d7': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3432,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 449024,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/2703a38a1b9a8718c9c53984f8ae34fee22d2b9354d369795ef205e90fa6f8d7'},
'2772bbf4f0a755f954414106f67d73e0db0ba87a721dcfd0b9451173a19ddf1e': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 936680,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 936960,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/2772bbf4f0a755f954414106f67d73e0db0ba87a721dcfd0b9451173a19ddf1e'},
'27c6a044aad80ce77bee9c25489f1c2a867f0c7525bcbe7c2dca6f9ef7a271d9': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 780724,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 780800,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/27c6a044aad80ce77bee9c25489f1c2a867f0c7525bcbe7c2dca6f9ef7a271d9'},
'284ee87a6751d1c031bf5305ca4f5025cf8043f3fe71f0712514beda6444e640': {'AddressOfEntryPoint': 480640,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 581632,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'COMCTL32.dll': 'ImageList_Remove',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetCancelConnection2W',
'OLEAUT32.dll': 'GetActiveObject',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetMenuItemCount',
'VERSION.dll': 'VerQueryValueW',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'listen',
'comdlg32.dll': 'GetOpenFileNameW',
'ole32.dll': 'CoSetProxyBlanket'},
'ImportedFunctions': ['__WSAFDIsSet',
'recv',
'send',
'socket',
'connect',
'closesocket',
'bind',
'select',
'accept',
'htons',
'sendto',
'recvfrom',
'ntohs',
'WSAGetLastError',
'ioctlsocket',
'WSACleanup',
'inet_addr',
'gethostbyname',
'WSAStartup',
'gethostname',
'listen',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'waveOutSetVolume',
'timeGetTime',
'mciSendStringW',
'ImageList_EndDrag',
'ImageList_DragLeave',
'ImageList_DragMove',
'ImageList_DragEnter',
'ImageList_BeginDrag',
'ImageList_SetDragCursorImage',
'ImageList_Destroy',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Remove',
'WNetUseConnectionW',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetCancelConnection2W',
'ReadFile',
'SetFilePointer',
'SizeofResource',
'EnumResourceNamesW',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'OutputDebugStringW',
'GetLastError',
'CreateDirectoryW',
'RemoveDirectoryW',
'TerminateProcess',
'WaitForSingleObject',
'SetSystemPowerState',
'SetFileTime',
'GetFileAttributesW',
'FindResourceW',
'FindFirstFileW',
'LoadResource',
'FindClose',
'LockResource',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetVolumeLabelW',
'DeviceIoControl',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'SetFileAttributesW',
'GetShortPathNameW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'SetErrorMode',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetProcessWorkingSetSize',
'GlobalMemoryStatus',
'CreateFileW',
'GetFileSize',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalFree',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'CreatePipe',
'DuplicateHandle',
'GetStdHandle',
'WriteFile',
'GetFileType',
'PeekNamedPipe',
'SetLastError',
'LoadLibraryExW',
'GlobalFindAtomW',
'GetStartupInfoW',
'GetProcessHeap',
'GetVersionExA',
'LeaveCriticalSection',
'EnterCriticalSection',
'ResumeThread',
'GetSystemTimeAsFileTime',
'CreateThread',
'ExitThread',
'HeapFree',
'HeapAlloc',
'ExitProcess',
'GetModuleHandleA',
'FlsSetValue',
'TlsFree',
'FlsFree',
'TlsSetValue',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'DeleteCriticalSection',
'RtlUnwindEx',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'CreateFileMappingW',
'OpenProcess',
'UnmapViewOfFile',
'CloseHandle',
'ReadProcessMemory',
'WriteProcessMemory',
'MapViewOfFile',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'GetModuleHandleW',
'GetSystemInfo',
'GetCurrentProcess',
'GetVersionExW',
'GetCurrentThreadId',
'Sleep',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetHandleCount',
'GetStartupInfoA',
'SetStdHandle',
'SetCurrentDirectoryW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'InitializeCriticalSection',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlushFileBuffers',
'LCMapStringA',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'SetEndOfFile',
'CompareStringA',
'Beep',
'SetEnvironmentVariableA',
'GetActiveWindow',
'InflateRect',
'CharNextW',
'DrawFocusRect',
'wsprintfW',
'DrawTextW',
'RedrawWindow',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DrawMenuBar',
'SubtractRect',
'OffsetRect',
'GetClassWord',
'GetNextDlgTabItem',
'GetWindow',
'IsChild',
'ReleaseCapture',
'SetCapture',
'ReleaseDC',
'GetCursor',
'GetDC',
'WindowFromPoint',
'SetClipboardData',
'EmptyClipboard',
'CharLowerBuffW',
'UnregisterHotKey',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'LoadImageW',
'CreateIconFromResourceEx',
'SetWindowLongPtrW',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CreateIcon',
'CheckMenuRadioItem',
'GetMenuItemID',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'GetWindowLongW',
'IsIconic',
'FindWindowW',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'OpenClipboard',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'DestroyWindow',
'GetMenu',
'GetClientRect',
'EndPaint',
'CopyRect',
'BeginPaint',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'GetSysColor',
'SetClassLongPtrW',
'IsDialogMessageW',
'GetSystemMetrics',
'GetWindowTextLengthW',
'GetWindowDC',
'SetMenu',
'SetCursor',
'CreateMenu',
'DestroyMenu',
'FlashWindow',
'SetMenuDefaultItem',
'SetWindowLongW',
'ScreenToClient',
'InvalidateRect',
'GetWindowLongPtrW',
'GetFocus',
'GetWindowTextW',
'EnumChildWindows',
'CharUpperBuffW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'SendMessageTimeoutW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'MessageBoxW',
'CreatePopupMenu',
'MessageBoxA',
'RegisterWindowMessageW',
'SetTimer',
'IsZoomed',
'GetCaretPos',
'GetSubMenu',
'GetMenuStringW',
'IsCharUpperW',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'CountClipboardFormats',
'SetWindowPos',
'CloseClipboard',
'CopyImage',
'GetClipboardData',
'SetForegroundWindow',
'IsClipboardFormatAvailable',
'DestroyIcon',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'AdjustWindowRectEx',
'SetRect',
'ClientToScreen',
'GetKeyState',
'RegisterHotKey',
'GetMenuItemCount',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'PolyBezierTo',
'ExtCreatePen',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'Ellipse',
'MoveToEx',
'AngleArc',
'LineTo',
'CloseFigure',
'SetPixel',
'EndPath',
'StrokePath',
'StrokeAndFillPath',
'GetObjectW',
'SetBkMode',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'DeleteDC',
'GetDIBits',
'BitBlt',
'SelectObject',
'CreateDIBSection',
'CreateCompatibleDC',
'CreateFontW',
'GetTextExtentPoint32W',
'DeleteObject',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoCreateInstance',
'CoInitialize',
'CoUninitialize',
'CreateStreamOnHGlobal',
'StringFromCLSID',
'OleUninitialize',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'LoadRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayDestroyData',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VarR4FromDec',
'VariantTimeToSystemTime',
'VariantClear',
'VariantCopy',
'VariantInit',
'GetActiveObject'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 462,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 14096,
'SectionNames': {'.data\x00\x00\x00': 16384,
'.pdata\x00\x00': 18432,
'.rdata\x00\x00': 80896,
'.rsrc\x00\x00\x00': 14336,
'.text\x00\x00\x00': 575488},
'StackReserveSize': 4194304,
'filename': './data/malware/284ee87a6751d1c031bf5305ca4f5025cf8043f3fe71f0712514beda6444e640'},
'28abf49b5af3909813357f3044a9c8b42c028e9b77fc82700fcf5a393c0c4839': {'AddressOfEntryPoint': 34956,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/28abf49b5af3909813357f3044a9c8b42c028e9b77fc82700fcf5a393c0c4839'},
'28b514b2f7c5321645932d2a044fb25cca346b6a2eb2b67d8a20179b0eb04788': {'AddressOfEntryPoint': 49168,
'DebugRVA': 29056,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 45056,
'ExportSize': 1878,
'IATRVA': 28672,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'NDIS.SYS': 'NdisRegisterTdiCallBack',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['RtlAnsiStringToUnicodeString',
'KeSetEvent',
'KeInitializeDpc',
'RtlInitString',
'KeReleaseSpinLock',
'IoAllocateErrorLogEntry',
'KeInitializeTimer',
'RtlxAnsiStringToUnicodeSize',
'KeQueryTimeIncrement',
'KeWaitForSingleObject',
'KeSetTimer',
'KeAcquireSpinLockRaiseToDpc',
'MmUnmapLockedPages',
'IoBuildPartialMdl',
'IoIs32bitProcess',
'KeReleaseSpinLockFromDpcLevel',
'MmFreeMappingAddress',
'MmMapLockedPagesWithReservedMapping',
'MmMapLockedPagesSpecifyCache',
'IoWriteErrorLogEntry',
'NtCreateFile',
'MmUnmapReservedMapping',
'KeAcquireSpinLockAtDpcLevel',
'_wcsicmp',
'ExFreePoolWithTag',
'_wcsnicmp',
'RtlInitUnicodeString',
'RtlAppendUnicodeToString',
'KeInitializeEvent',
'DbgBreakPoint',
'ZwQueryValueKey',
'ZwClose',
'RtlAppendUnicodeStringToString',
'RtlCompareUnicodeString',
'RtlCopyUnicodeString',
'DbgPrint',
'ZwOpenKey',
'KeBugCheckEx',
'ExAllocatePoolWithTag',
'NlsMbCodePageTag',
'MmAllocateMappingAddress',
'ExQueueWorkItem',
'__C_specific_handler',
'NdisReturnPackets',
'NdisDeregisterTdiCallBack',
'NdisRegisterTdiCallBack'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 46,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 976,
'SectionNames': {'.data\x00\x00\x00': 512,
'.edata\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 3072,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 21504,
'INIT\x00\x00\x00\x00': 2048,
'PAGE\x00\x00\x00\x00': 512},
'StackReserveSize': 262144,
'filename': './data/malware/28b514b2f7c5321645932d2a044fb25cca346b6a2eb2b67d8a20179b0eb04788'},
'28bf19434e6a2fd5cec3632784576d42b3d67135eec47d72db0cda2800b27814': {'AddressOfEntryPoint': 5112,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['ExitProcess',
'GetLastError',
'CloseHandle',
'WaitForSingleObject',
'CreateProcessA',
'GetCommandLineA',
'HeapAlloc',
'GetStringTypeW',
'GetStartupInfoW',
'SetUnhandledExceptionFilter',
'GetProcAddress',
'GetModuleHandleW',
'DecodePointer',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameW',
'RtlUnwindEx',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'DeleteCriticalSection',
'EncodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryW',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'TerminateProcess',
'GetCurrentProcess',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapFree',
'Sleep',
'HeapSize',
'LCMapStringW',
'MultiByteToWideChar',
'HeapReAlloc',
'MessageBoxA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 60,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 624,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 10240,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 20480},
'StackReserveSize': 1048576,
'filename': './data/malware/28bf19434e6a2fd5cec3632784576d42b3d67135eec47d72db0cda2800b27814'},
'28e489769672c34430d942d0829517470b396fa16661e1c1029db6b677a96fad': {'AddressOfEntryPoint': 1953900,
'DebugRVA': 1324248,
'DebugSize': 56,
'Dll': 128,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1327104,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 11,
'OSVersion': 6,
'ResSize': 129840,
'SectionNames': {'.data\x00\x00\x00': 53248,
'.pdata\x00\x00': 90624,
'.rdata\x00\x00': 159744,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 130048,
'.text\x00\x00\x00': 1320448,
'INIT\x00\x00\x00\x00': 22016,
'PAGE\x00\x00\x00\x00': 11264,
'PAGECONS': 512,
'PAGEIDP\x00': 11776,
'PAGEIPSE': 113152},
'StackReserveSize': 262144,
'filename': './data/malware/28e489769672c34430d942d0829517470b396fa16661e1c1029db6b677a96fad'},
'28f2f64d13fc0f3ff2f5676da7dfc021b0d860d29ab2fd566574c6bbf9d5e0ce': {'AddressOfEntryPoint': 7792,
'DebugRVA': 45664,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'KERNEL32.dll': 'GetProcessHeap',
'WS2_32.dll': 'WSAStartup',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['ZwQueryVolumeInformationFile',
'ZwQueryKey',
'RtlStringFromGUID',
'RtlInitUnicodeString',
'ZwWriteFile',
'ZwSetValueKey',
'wcstoul',
'RtlNtStatusToDosError',
'ZwCreateFile',
'LdrAccessResource',
'LdrFindResource_U',
'RtlFreeUnicodeString',
'ZwResumeThread',
'ZwSetContextThread',
'sprintf',
'ZwProtectVirtualMemory',
'ZwSetInformationFile',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'ZwClose',
'RtlAdjustPrivilege',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenProcess',
'ZwQuerySystemInformation',
'RtlIpv4AddressToStringA',
'ZwOpenKey',
'ZwQueryValueKey',
'RtlIpv4StringToAddressExW',
'wcschr',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'RtlEqualUnicodeString',
'ZwOpenEvent',
'ZwWriteVirtualMemory',
'ZwQueryInformationFile',
'ZwCreateKey',
'LdrFindEntryForAddress',
'__chkstk',
'memcpy',
'GetSystemDefaultLangID',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'HeapAlloc',
'GetVersion',
'Sleep',
'GetCommandLineW',
'LoadLibraryExW',
'ExitProcess',
'VirtualFree',
'VirtualAlloc',
'GetModuleHandleW',
'HeapFree',
'GetProcessHeap',
'MD5Final',
'MD5Update',
'MD5Init',
'WSASend',
'WSARecv',
'WSAIoctl',
'bind',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 71,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2560,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 5632,
'.rsrc\x00\x00\x00': 2560,
'.text\x00\x00\x00': 40960},
'StackReserveSize': 1048576,
'filename': './data/malware/28f2f64d13fc0f3ff2f5676da7dfc021b0d860d29ab2fd566574c6bbf9d5e0ce'},
'29730548ef5cbd722c86f4cfcabb29173d38a7c538befc281cab8f96154b4655': {'AddressOfEntryPoint': 362076,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 370952,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['PsGetVersion',
'PsGetCurrentThreadId',
'PsGetCurrentProcessId',
'__C_specific_handler',
'ProbeForWrite',
'KeDelayExecutionThread',
'ProbeForRead',
'_wcsnicmp',
'_stricmp',
'RtlDeleteRegistryValue',
'strstr',
'strrchr',
'ExFreePoolWithTag',
'strncpy',
'_strnicmp',
'PsDereferencePrimaryToken',
'RtlEqualSid',
'SeQueryInformationToken',
'PsReferencePrimaryToken',
'PsSetCreateProcessNotifyRoutine',
'RtlInitUnicodeString',
'IofCompleteRequest',
'__chkstk',
'IoCreateSymbolicLink',
'IoCreateDevice',
'PsSetLoadImageNotifyRoutine',
'ZwClose',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'ZwCreateFile',
'KeInitializeEvent',
'ExAllocatePoolWithTag',
'ZwQuerySystemInformation',
'MmIsAddressValid',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'_vsnwprintf',
'_wcsicmp',
'ZwOpenFile',
'MmUnmapViewInSystemSpace',
'MmMapViewInSystemSpace',
'MmCreateSection',
'ZwQueryInformationThread',
'ZwOpenThread',
'PsGetProcessInheritedFromUniqueProcessId',
'ObReferenceObjectByHandle',
'PsGetProcessImageFileName',
'ObQueryNameString',
'IoGetDeviceObjectPointer',
'KeStackAttachProcess',
'KeUnstackDetachProcess',
'PsGetProcessCreateTimeQuadPart',
'KeQueryTimeIncrement',
'ZwQuerySymbolicLinkObject',
'ZwOpenSymbolicLinkObject',
'ZwQueryInformationProcess',
'PsIsThreadTerminating',
'MmGetSystemRoutineAddress',
'PsGetProcessId',
'PsGetThreadProcess',
'ZwOpenProcess',
'ZwOpenDirectoryObject',
'RtlAppendUnicodeStringToString',
'PsLookupProcessByProcessId',
'strchr',
'PsGetProcessWin32Process',
'ZwQueryInformationToken',
'ObOpenObjectByPointer',
'PsGetProcessSectionBaseAddress',
'ZwOpenProcessTokenEx',
'wcschr',
'RtlCompareUnicodeString',
'ZwQueryObject',
'PsGetCurrentProcessSessionId',
'CmRegisterCallback',
'PsGetThreadTeb',
'PsLookupThreadByThreadId',
'RtlNtStatusToDosError',
'PsGetProcessPeb',
'RtlFreeUnicodeString',
'RtlWriteRegistryValue',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlCreateUnicodeString',
'RtlQueryRegistryValues',
'wcsncpy',
'RtlPrefixUnicodeString',
'ZwQueryValueKey',
'ZwOpenKey',
'ZwSetInformationProcess',
'RtlLengthSid',
'ZwAssignProcessToJobObject',
'ZwSetInformationJobObject',
'ZwCreateJobObject',
'PsGetProcessJob',
'ZwTerminateProcess',
'RtlAddAccessAllowedAceEx',
'RtlAddAce',
'RtlCreateAcl',
'RtlGetAce',
'ZwSetSecurityObject',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'ZwQuerySecurityObject',
'SeTokenIsRestricted',
'SeFilterToken',
'ObfReferenceObject',
'ZwCreateKey',
'ZwEnumerateValueKey',
'ZwSetValueKey',
'ZwDeleteValueKey',
'RtlCompareMemory',
'RtlAppendUnicodeToString',
'RtlFormatCurrentUserKeyPath',
'IoGetCurrentProcess',
'IoQueryFileDosDeviceName',
'ZwConnectPort',
'LpcRequestWaitReplyPort',
'KeBugCheckEx',
'ObfDereferenceObject',
'tolower',
'_vsnprintf',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 132,
'NumberOfSections': 11,
'OSVersion': 5,
'ResSize': 1024,
'SectionNames': {'.Shltr0\x00': 0,
'.Shltr1\x00': 1024,
'.Shltr2\x00': 0,
'.Shltr3\x00': 158208,
'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 0,
'INIT\x00\x00\x00\x00': 0},
'StackReserveSize': 262144,
'filename': './data/malware/29730548ef5cbd722c86f4cfcabb29173d38a7c538befc281cab8f96154b4655'},
'29be0cae71c8a88a49726327c7a04eec03eb96becc5bbbed4d0e07b80637d0df': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/29be0cae71c8a88a49726327c7a04eec03eb96becc5bbbed4d0e07b80637d0df'},
'29d108e43304fd59b71d7af372bcff505323e94e5cd115fa614c7c6b80bde216': {'AddressOfEntryPoint': 5016,
'DebugRVA': 4480,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2845508,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2845696,
'.text\x00\x00\x00': 7680},
'StackReserveSize': 524288,
'filename': './data/malware/29d108e43304fd59b71d7af372bcff505323e94e5cd115fa614c7c6b80bde216'},
'2a1868e906229098e6f5ef10923fe7cacdbb2fa8cb9623e627f752ad3bff6cb0': {'AddressOfEntryPoint': 129992,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 614400,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'GetObjectW',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SysAllocString',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetClientRect',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'VerQueryValueW',
'WININET.dll': 'HttpQueryInfoW',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['WSACleanup',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'ioctlsocket',
'listen',
'bind',
'WSAStartup',
'closesocket',
'connect',
'socket',
'send',
'WSAGetLastError',
'select',
'accept',
'__WSAFDIsSet',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'InternetQueryOptionW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'HttpQueryInfoW',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'UnloadUserProfile',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'LoadUserProfileW',
'GetProcessHeap',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'GetVersionExW',
'GetSystemInfo',
'GetModuleHandleW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'GetStdHandle',
'HeapFree',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'ResetEvent',
'PulseEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleFileNameA',
'InitializeCriticalSectionAndSpinCount',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'SetStdHandle',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'LCMapStringA',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'CreatePipe',
'SetEnvironmentVariableA',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'IsCharUpperW',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'SetClipboardData',
'FindWindowW',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'EndPaint',
'BeginPaint',
'DestroyWindow',
'GetMenu',
'CopyRect',
'CharUpperBuffW',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'ReleaseDC',
'EnumThreadWindows',
'GetDC',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'IsIconic',
'GetClipboardData',
'GetClientRect',
'SetBkMode',
'DeleteObject',
'GetPixel',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'BitBlt',
'GetDIBits',
'CloseFigure',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'DeleteDC',
'GetObjectW',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'SetSecurityDescriptorDacl',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'AddAce',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'VariantInit',
'VariantCopy',
'VariantClear',
'SafeArrayDestroyData',
'VarR8FromDec',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetVartype',
'OleLoadPicture',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'VariantTimeToSystemTime',
'SysAllocString'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 512,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 29512,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 27136,
'.rdata\x00\x00': 88576,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 608256},
'StackReserveSize': 4194304,
'filename': './data/malware/2a1868e906229098e6f5ef10923fe7cacdbb2fa8cb9623e627f752ad3bff6cb0'},
'2a44cc2b8cd5e04c31b640a2d7e6cfbe27ddfcc614b445268a94d18756678af0': {'AddressOfEntryPoint': 7344,
'DebugRVA': 12848,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetCurrentProcessId',
'USER32.dll': 'GetWindowThreadProcessId',
'msvcrt.dll': 'memcpy',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['CoInitialize',
'DispatchMessageW',
'DefWindowProcW',
'PostThreadMessageW',
'CreateWindowExW',
'IsWindow',
'RegisterClassExW',
'GetForegroundWindow',
'TranslateMessage',
'FindWindowW',
'PostMessageW',
'RegisterWindowMessageW',
'PostQuitMessage',
'GetMessageW',
'SetTimer',
'DestroyWindow',
'GetWindowThreadProcessId',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'__wgetmainargs',
'?terminate@@YAXXZ',
'??2@YAPEAX_K@Z',
'_wgetcwd',
'__C_specific_handler',
'memset',
'memcpy',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetStartupInfoW',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'RaiseException',
'LoadLibraryA',
'FreeLibrary',
'LocalAlloc',
'Sleep',
'CloseHandle',
'GetProcAddress',
'GetLastError',
'LoadLibraryW',
'OpenProcess',
'GetModuleHandleW',
'GetCurrentProcess',
'GetCurrentProcessId'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 59,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 1016,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 4608},
'StackReserveSize': 1048576,
'filename': './data/malware/2a44cc2b8cd5e04c31b640a2d7e6cfbe27ddfcc614b445268a94d18756678af0'},
'2a5a580d083aa88cfa19f735cdcd0e0c79291384088df317e2c0f621f3da22f2': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 218048,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 218112,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/2a5a580d083aa88cfa19f735cdcd0e0c79291384088df317e2c0f621f3da22f2'},
'2a83f8a8d335bfec595b4c4ebf0a96c78889aade87134859a1693ebae8f9e159': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 183584,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 183808,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/2a83f8a8d335bfec595b4c4ebf0a96c78889aade87134859a1693ebae8f9e159'},
'2ae130e8471de572550f425f261de6369fe5784a7423a3f9488bd3807f4ec581': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1785872,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1704960,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/2ae130e8471de572550f425f261de6369fe5784a7423a3f9488bd3807f4ec581'},
'2afc4a24f024b8698642ce8d75aedff9fee94d9ec4e8aa444997d2833bb60da9': {'AddressOfEntryPoint': 77924,
'DebugRVA': 41392,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoDeleteSymbolicLink',
'ExFreePoolWithTag',
'RtlInitUnicodeString',
'IoDeleteDevice',
'MmGetSystemRoutineAddress',
'RtlAppendUnicodeToString',
'PsSetCreateProcessNotifyRoutine',
'ZwQueryValueKey',
'ExAllocatePool',
'IoAllocateWorkItem',
'ZwClose',
'IofCompleteRequest',
'IoCreateSymbolicLink',
'IoCreateDevice',
'DbgPrint',
'ZwOpenKey',
'KeQueryActiveProcessors',
'PsProcessType',
'PsLookupProcessByProcessId',
'KeInitializeApc',
'ZwMapViewOfSection',
'KeInsertQueueApc',
'PsSetCreateThreadNotifyRoutine',
'KeReleaseSpinLock',
'ZwOpenThread',
'KeUnstackDetachProcess',
'KeDetachProcess',
'KeDelayExecutionThread',
'MmGetPhysicalAddress',
'ZwUnmapViewOfSection',
'ObReferenceObjectByHandle',
'KeAttachProcess',
'ObfDereferenceObject',
'ZwOpenSection',
'ObOpenObjectByPointer',
'KeStackAttachProcess',
'ZwAllocateVirtualMemory',
'KeAcquireSpinLockRaiseToDpc',
'PsLookupThreadByThreadId',
'KeWaitForSingleObject',
'KeReleaseSemaphore',
'KeClearEvent',
'KeSetEvent',
'KeInitializeEvent',
'PsGetCurrentThreadId',
'PsGetCurrentProcessId',
'ZwReadFile',
'ZwWaitForSingleObject',
'ZwCreateFile',
'ZwQueryInformationFile',
'MmAllocateContiguousMemory',
'KeBugCheckEx',
'__C_specific_handler'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 53,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 33280,
'INIT\x00\x00\x00\x00': 2048},
'StackReserveSize': 262144,
'filename': './data/malware/2afc4a24f024b8698642ce8d75aedff9fee94d9ec4e8aa444997d2833bb60da9'},
'2b17b1def146ff2d023c383784bae55ba613124af3df33cbb7dd8eeb1f830f54': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/2b17b1def146ff2d023c383784bae55ba613124af3df33cbb7dd8eeb1f830f54'},
'2b1bd9877ffb6f1422d2053e95b9acfeadae1ff4033553ce164d4150b31d04fc': {'AddressOfEntryPoint': 229104,
'DebugRVA': 238368,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 237568,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '_purecall'},
'ImportedFunctions': ['ObfDereferenceObject',
'IoGetDeviceObjectPointer',
'RtlInitUnicodeString',
'IoStartNextPacket',
'PoUnregisterSystemState',
'PoRegisterSystemState',
'IoReleaseRemoveLockEx',
'IofCompleteRequest',
'PoStartNextPowerIrp',
'IoAcquireRemoveLockEx',
'IofCallDriver',
'IoReleaseRemoveLockAndWaitEx',
'PoSetPowerState',
'PoCallDriver',
'IoCancelIrp',
'IoReleaseCancelSpinLock',
'IoFreeIrp',
'IoRegisterShutdownNotification',
'RtlQueryRegistryValues',
'RtlCreateRegistryKey',
'RtlCheckRegistryKey',
'KeInitializeEvent',
'KeInitializeMutex',
'KeReleaseMutex',
'KeReleaseSpinLock',
'KeClearEvent',
'KeAcquireSpinLockRaiseToDpc',
'KeWaitForSingleObject',
'KeSetEvent',
'IoBuildSynchronousFsdRequest',
'IoInitializeIrp',
'IoFreeWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoAllocateWorkItem',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ObReferenceObjectByHandle',
'ExEventObjectType',
'IoDetachDevice',
'IoAttachDeviceToDeviceStack',
'wcsstr',
'IoRegisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'KeSynchronizeExecution',
'KeInitializeDpc',
'KeInsertQueueDpc',
'ExFreePoolWithTag',
'__C_specific_handler',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'PoRequestPowerIrp',
'swprintf',
'ZwCreateSection',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'IoCreateNotificationEvent',
'ExQueueWorkItem',
'KeSetTimer',
'KeCancelTimer',
'KeInitializeTimer',
'KeSetTimerEx',
'KeDelayExecutionThread',
'IoBuildDeviceIoControlRequest',
'RtlCopyUnicodeString',
'RtlIntegerToUnicodeString',
'RtlFreeUnicodeString',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlAppendUnicodeStringToString',
'ExAllocatePoolWithTag',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCreateDevice',
'RtlWriteRegistryValue',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'sprintf',
'KeQueryTimeIncrement',
'IoUnregisterPlugPlayNotification',
'_purecall',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 95,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 920,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 13312,
'.rdata\x00\x00': 31744,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 231936,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/2b1bd9877ffb6f1422d2053e95b9acfeadae1ff4033553ce164d4150b31d04fc'},
'2b20cab13ce9e060bf31aa1aa6dca2db2d3f1d3dfdcaf7bcdf91e12b3a6e05f5': {'AddressOfEntryPoint': 174748,
'DebugRVA': 4848,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4194304,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'KERNEL32.dll': 'FindFirstFileA',
'USER32.dll': 'CharNextA',
'msvcrt.dll': '_strnicmp'},
'ImportedFunctions': ['_c_exit',
'_XcptFilter',
'__C_specific_handler',
'isalnum',
'isalpha',
'islower',
'_atoi64',
'atol',
'_exit',
'memset',
'strchr',
'memcpy',
'??2@YAPEAX_K@Z',
'_cexit',
'exit',
'_acmdln',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'__dllonexit',
'_onexit',
'??3@YAXPEAX@Z',
'_strnicmp',
'RegCloseKey',
'RegQueryValueExA',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GlobalFlags',
'_lopen',
'GetStartupInfoA',
'_hread',
'_lclose',
'LocalAlloc',
'LocalFree',
'lstrcmpiA',
'GlobalUnlock',
'GlobalAlloc',
'GlobalLock',
'GlobalFree',
'GetFileAttributesA',
'SetFileAttributesA',
'DeleteFileA',
'GetSystemDirectoryA',
'GetWindowsDirectoryA',
'lstrcatA',
'_llseek',
'FindNextFileA',
'IsDBCSLeadByte',
'lstrlenA',
'GetLastError',
'LoadLibraryA',
'FreeLibrary',
'GetProcAddress',
'WideCharToMultiByte',
'GetVersionExA',
'lstrcpyA',
'FindClose',
'FindFirstFileA',
'PostQuitMessage',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'MessageBoxA',
'SendMessageA',
'LoadStringA',
'CharPrevA',
'wsprintfA',
'GetSystemMetrics',
'CharNextA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 82,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 2616,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 59392,
'.text\x00\x00\x00': 33280,
'hxobaxv\x00': 31232,
'ldqkunp\x00': 31744,
'ruutamc\x00': 0},
'StackReserveSize': 524288,
'filename': './data/malware/2b20cab13ce9e060bf31aa1aa6dca2db2d3f1d3dfdcaf7bcdf91e12b3a6e05f5'},
'2b64f38771ffeea01cbfd5a57505e9bb58ed9328bfefabfa3891e17dd564ef0b': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3432,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 614912,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/2b64f38771ffeea01cbfd5a57505e9bb58ed9328bfefabfa3891e17dd564ef0b'},
'2b77bcec314435ec275eca22642dbd15685d4c3350d83a4d775fe2a8641d5c45': {'AddressOfEntryPoint': 1074821373,
'DebugRVA': 687536,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 679936,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetNumberOfEventLogRecords',
'BtBalloon.dll': 'BalloonTooltip_RegisterClass',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'CreateSolidBrush',
'KERNEL32.dll': 'SetLastError',
'MSVCP80.dll': '??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'MSVCR80.dll': '__setusermatherr',
'OLEAUT32.dll': 'VarBstrFromDate',
'RASAPI32.dll': 'RasGetErrorStringW',
'SETUPAPI.dll': 'SetupDiCreateDeviceInfoList',
'SHELL32.dll': 'Shell_NotifyIconW',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'SendMessageW',
'VERSION.dll': 'GetFileVersionInfoW',
'WINMM.dll': 'PlaySoundW',
'WINSPOOL.DRV': 'EnumPrintersW',
'WS2_32.dll': 'WSAAddressToStringW',
'btosif.dll': 'OSIF_GetFirstObject',
'btwapi.dll': '?GapStartDiscovery@CWBtAPI@@QEAA?AW4WBtRc@@PEAEH@Z',
'btwhidcs.DLL': '?getBatteryStatus@CBtHidExtRoot@@QEAAHPEAE0PEAH1@Z',
'irprops.cpl': 'BluetoothIsDiscoverable',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['?FaxRemoveConnection@CWBtAPI@@QEAA?AW4WBtRc@@HF@Z',
'?HSP_DisconnectGateway@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ@Z',
'?HAG_DisconnectHeadset@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ@Z',
'?SetOnSppStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11AEBU_GUID@@FJ@Z0@Z',
'?SetOnDunStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11AEBU_GUID@@FJ@Z0@Z',
'?SetOnLapStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11AEBU_GUID@@FJ@Z0@Z',
'?SetOnFaxStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11AEBU_GUID@@FJ@Z0@Z',
'?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JJ@Z0@Z',
'?SetOnHidStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAEHJ@Z0@Z',
'?LapDisconnect@CWBtAPI@@QEAA?AW4WBtRc@@QEAE@Z',
'?DunRemoveConnection@CWBtAPI@@QEAA?AW4WBtRc@@HF@Z',
'?SppRemoveConnection@CWBtAPI@@QEAA?AW4WBtRc@@HF@Z',
'?SyncAbort@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnSyncAbortCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJ@Z0@Z',
'?ClearSyncAbortCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearSyncSynchronizeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnSyncSynchronizeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAEJ@Z0@Z',
'?SetOnSyncProgressCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAEJJJJ@Z0@Z',
'?SyncSynchronize@CWBtAPI@@QEAA?AW4WBtRc@@QEAEU_GUID@@PEBD@Z',
'?SppCreateConnection@CWBtAPI@@QEAA?AW4WBtRc@@QEAEAEBU_GUID@@PEBDH@Z',
'?DunCreateConnection@CWBtAPI@@QEAA?AW4WBtRc@@QEAEAEBU_GUID@@PEBDH@Z',
'?LapCreateConnection@CWBtAPI@@QEAA?AW4WBtRc@@QEAEAEBU_GUID@@PEBDH@Z',
'?FaxCreateConnection@CWBtAPI@@QEAA?AW4WBtRc@@QEAEAEBU_GUID@@PEBDH@Z',
'?HAG_ConnectHeadsetUuid@CWBtAPI@@QEAA?AW4WBtRc@@QEAEPEBDG@Z',
'?HSP_ConnectGateway@CWBtAPI@@QEAA?AW4WBtRc@@QEAEPEBD@Z',
'?Hid_Connect@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ@Z',
'?BTAuthorizeRequestCallback@CWBtAPI@@QEAA?AW4WBtRc@@QEAE00JJJ@Z',
'?FTP_ServerEventAuthorization@CWBtAPI@@QEAA?AW4WBtRc@@JJJPEA_W@Z',
'?OPP_ServerEventAuthorization@CWBtAPI@@QEAA?AW4WBtRc@@JJJPEA_W@Z',
'?OAPP_AuthenticateAuthentication@CWBtAPI@@QEAA?AW4WBtRc@@JJJPEBD0@Z',
'?SyncResolveConflict@CWBtAPI@@QEAA?AW4WBtRc@@JJH@Z',
'?SyncAuthorize0Vcf@CWBtAPI@@QEAA?AW4WBtRc@@JJJPEA_W@Z',
'?SyncDeleteConfirmation@CWBtAPI@@QEAA?AW4WBtRc@@JH@Z',
'?BTManageSecurity@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnBTPINCodeRequest@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11PEA_W@Z0@Z',
'?SetOnBTAuthorizeRequest@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JPEA_W@Z0@Z',
'?SetOnAuthenticationCompleteCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11J@Z0@Z',
'?SetOnLinkKeyNotificationCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE111@Z0@Z',
'?SetOnStackStateChangedCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJ@Z0@Z',
'?SetOnOPPServerEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAE11JPEA_W@Z0@Z',
'?SetOnFTPServerEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAE11JPEA_W@Z0@Z',
'?SetOnOAPPAuthenticateCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAE11_N2JPEA_W3@Z0@Z',
'?SetOnSyncServerEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAE11JPEA_W@Z0@Z',
'?SetOnSyncConflictEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JPEA_WJJ@Z0@Z',
'?SetOnSync0VcfEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JPEA_W@Z0@Z',
'?SetOnHFPNotificationCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JJJPEA_W@Z0@Z',
'?SetOnSyncDeleteEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JPEA_WJ@Z0@Z',
'?SetOnConfigurationResetCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAX@Z0@Z',
'?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXPEAUtBT_SERVICE_INFO@@@Z0@Z',
'?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11JJ@Z0@Z',
'?BTPINCodeRequestCallback@CWBtAPI@@QEAA?AW4WBtRc@@QEAE000FJJJ@Z',
'?GapGetInquiredDevices@CWBtAPI@@QEAA?AW4WBtRc@@PEAJJPEAUtBT_BASIC_DEV_INFO@@@Z',
'?BtmDeviceIsReady@CWBtAPI@@QEAAHXZ',
'?GapBond@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ0J@Z',
'?GapBond_64@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ0JJ@Z',
'?ClearDeviceLostCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?Hid_Disconnect@CWBtAPI@@QEAA?AW4WBtRc@@QEAEJ@Z',
'?GapGetLocalServices@CWBtAPI@@QEAA?AW4WBtRc@@PEAHHPEAUtBT_SERVICE_INFO@@@Z',
'?ClearSyncProgressCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearHidStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearFaxStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearLapStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearDunStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnDeviceFoundCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE11H@Z0@Z',
'?ConnectToServer@CWBtAPI@@QEAA?AW4WBtRc@@_NI00@Z',
'??0CWBtAPI@@QEAA@XZ',
'?ClearDiscoveryEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?ClearSppStateChangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?GapGetServiceState@CWBtAPI@@QEAA?AW4WBtRc@@QEAEPEAU_GUID@@PEBDPEAJ3@Z',
'?GapGetActiveConnections@CWBtAPI@@QEAA?AW4WBtRc@@PEAJJPEAUtBT_ACTIVE_CONNS@@@Z',
'?GapStopInquiry@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnDeviceLostCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAE@Z0@Z',
'?SetOnDeviceStatusCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJJ@Z0@Z',
'?SetOnInquiryCompleteCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJF@Z0@Z',
'?SetOnOppPushCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAEJPEA_WJ@Z0@Z',
'?SetOnOppPullCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAEJPEA_WJ@Z0@Z',
'?SetOnOppExchangeCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAEJPEA_WJ@Z0@Z',
'?GapGetAvailableServices@CWBtAPI@@QEAA?AW4WBtRc@@QEAEPEAHHPEAUtBT_SERVICE_INFO@@@Z',
'?GapGetApplicationState@CWBtAPI@@QEAA?AW4WBtRc@@QEAEPEAU_GUID@@PEBDPEAJ3@Z',
'??1CWBtAPI@@QEAA@XZ',
'?OppAbort@CWBtAPI@@QEAA?AW4WBtRc@@J@Z',
'?ClearDeviceFoundCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?SetOnOppProgressCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJQEAEJPEA_WJJJ@Z0@Z',
'?SetOnOppAbortCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXJJ@Z0@Z',
'?GapStartInquiry@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?LapRemoveConnection@CWBtAPI@@QEAA?AW4WBtRc@@HF@Z',
'?ClearDeviceStatusCallback@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?OppExchange@CWBtAPI@@QEAA?AW4WBtRc@@QEAEU_GUID@@PEBDPEA_W3PEAJ@Z',
'?OppPush@CWBtAPI@@QEAA?AW4WBtRc@@QEAEU_GUID@@PEBDPEA_WPEAJ@Z',
'?OppPull@CWBtAPI@@QEAA?AW4WBtRc@@QEAEU_GUID@@PEBDPEA_WPEAJJ@Z',
'?SetOnDiscoveryEventCallback@CWBtAPI@@QEAA?AW4WBtRc@@P6AXPEAXQEAEGJ@Z0@Z',
'?BtmResetConfiguration@CWBtAPI@@QEAA?AW4WBtRc@@XZ',
'?GapStartDiscovery@CWBtAPI@@QEAA?AW4WBtRc@@PEAEH@Z',
'?getCompany@CBTvCard@@QEAAHPEADH@Z',
'?getJobTitle@CBTvCard@@QEAAHPEADH@Z',
'?getID@CBTvCard@@QEAAHPEADH@Z',
'OSIF_FreeObject',
'OSIF_GetObjectName',
'OSIF_CodeToString',
'OSIF_WriteObject',
'OSIF_GetNextObject',
'?getSuffix@CBTvCard@@QEAAHPEADH@Z',
'OSIF_GetObjectById',
'OSIF_AddObject',
'OSIF_ModifyObject',
'OSIF_ObjectsConflict',
'?getDepartment@CBTvCard@@QEAAHPEADH@Z',
'OSIF_ReadObjects',
'OSIF_GetObjectCount',
'OSIF_Close',
'OSIF_OpenX',
'OSIF_Open',
'OSIF_IsPresent',
'OSIF_IsPimSupported',
'OSIF_IsSupported',
'?getEmailAddress@CBTvCard@@QEAAHPEADH@Z',
'??0CBTvCard@@QEAA@XZ',
'?Parse@CBTvCard@@QEAAHPEA_W@Z',
'?getName@CBTvCard@@QEAAHPEADH@Z',
'?getWorkPhone@CBTvCard@@QEAAHPEADH@Z',
'?getWorkFax@CBTvCard@@QEAAHPEADH@Z',
'?getMobilePhone@CBTvCard@@QEAAHPEADH@Z',
'?getHomePhone@CBTvCard@@QEAAHPEADH@Z',
'?getWorkAddress@CBTvCard@@QEAAHPEADH@Z',
'?getHomeAddress@CBTvCard@@QEAAHPEADH@Z',
'?LoadFromVCard@CBTvCard@@QEAAXAEBUtagvCard@@@Z',
'?getFirstName@CBTvCard@@QEAAHPEADH@Z',
'?getLastName@CBTvCard@@QEAAHPEADH@Z',
'?getMiddleName@CBTvCard@@QEAAHPEADH@Z',
'OSIF_FindObject',
'?getTitle@CBTvCard@@QEAAHPEADH@Z',
'??1CBTvCard@@QEAA@XZ',
'OSIF_GetFirstObject',
'SetupDiGetClassDevsW',
'SetupDiEnumDeviceInterfaces',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiEnumDeviceInfo',
'SetupCloseInfFile',
'SetupOpenInfFileW',
'SetupGetInfFileListW',
'SetupGetStringFieldW',
'SetupGetLineByIndexW',
'SetupGetLineCountW',
'SetupGetFieldCount',
'SetupDiDestroyDeviceInfoList',
'SetupDiOpenDevRegKey',
'SetupDiClassGuidsFromNameW',
'SetupDiGetDeviceInterfaceDetailW',
'SetupDiDestroyDriverInfoList',
'SetupDiGetDriverInfoDetailW',
'SetupDiEnumDriverInfoW',
'SetupDiBuildDriverInfoList',
'SetupDiGetDeviceInstanceIdW',
'SetupDiOpenDeviceInterfaceRegKey',
'SetupDiCreateDeviceInfoList',
'PathIsDirectoryW',
'SHGetValueW',
'SHSetValueW',
'PathFindExtensionW',
'PathFileExistsW',
'RasGetErrorStringW',
'PlaySoundW',
'?WaitNoInstallEvents@CBtHidExtRoot@@QEAAHKK@Z',
'?getStack@@YAPEAVCBtHidExtRoot@@XZ',
'?readSettings@CBtHidExtRoot@@SAXPEAHPEAK001111@Z',
'?getBatteryStatus@CBtHidExtRoot@@QEAAHPEAE0PEAH1@Z',
'bind',
'getsockname',
'socket',
'closesocket',
'WSACleanup',
'WSAStartup',
'WSALookupServiceBeginW',
'WSALookupServiceNextW',
'WSAGetLastError',
'WSALookupServiceEnd',
'WSAAddressToStringW',
'BluetoothIsDiscoverable',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'?terminate@@YAXXZ',
'__crt_debugger_hook',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'_encode_pointer',
'_fmode',
'_decode_pointer',
'_initterm',
'__CxxFrameHandler3',
'_beginthreadex',
'memset',
'memcmp',
'strlen',
'memcpy',
'strncpy_s',
'free',
'_swprintf',
'wcscpy',
'swscanf',
'calloc',
'_recalloc',
'__C_specific_handler',
'fclose',
'fputws',
'fwprintf',
'_wfopen',
'wcscat',
'_wcsicmp',
'_time64',
'labs',
'wcslen',
'_memicmp',
'_stricmp',
'strcpy',
'_purecall',
'_wsplitpath',
'wcscat_s',
'_localtime64_s',
'ceil',
'floor',
'wcsncpy',
'wcsncat',
'_invalid_parameter_noinfo',
'_CxxThrowException',
'??0exception@std@@QEAA@AEBV01@@Z',
'??1exception@std@@UEAA@XZ',
'??0exception@std@@QEAA@XZ',
'??0exception@std@@QEAA@AEBQEBD@Z',
'?what@exception@std@@UEBAPEBDXZ',
'memmove_s',
'vsprintf_s',
'realloc',
'wcscmp',
'wcscpy_s',
'rand',
'srand',
'atof',
'sprintf',
'wcsncmp',
'wcsrchr',
'sscanf',
'strcmp',
'_wcsupr',
'wcsstr',
'malloc',
'strncmp',
'strcat',
'isprint',
'_strupr',
'strstr',
'_wtoi',
'vswprintf_s',
'_wcsdup',
'wcschr',
'_wtof',
'wcstok_s',
'_vswprintf',
'vsprintf',
'toupper',
'isdigit',
'strncpy',
'wcsftime',
'wcstombs',
'clearerr_s',
'__doserrno',
'fputs',
'feof',
'fgets',
'strtok',
'_strdup',
'_amsg_exit',
'__wgetmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_commode',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'lstrlenW',
'lstrlenA',
'GetLocaleInfoW',
'IsValidCodePage',
'MultiByteToWideChar',
'GetVersionExW',
'CreateFileA',
'OutputDebugStringA',
'WideCharToMultiByte',
'Sleep',
'WaitForSingleObject',
'TerminateThread',
'CreateFileW',
'SetThreadPriority',
'CloseHandle',
'DeviceIoControl',
'GetACP',
'GetLocaleInfoA',
'GetThreadLocale',
'GetVersionExA',
'GetStartupInfoW',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'GetLastError',
'LocalAlloc',
'ExpandEnvironmentStringsA',
'LoadLibraryA',
'GetCurrentDirectoryW',
'GetUserDefaultUILanguage',
'GetSystemDefaultLangID',
'GlobalMemoryStatus',
'GetModuleHandleExW',
'GetModuleFileNameW',
'QueryActCtxW',
'FindActCtxSectionStringW',
'DeactivateActCtx',
'ActivateActCtx',
'CreateActCtxW',
'lstrcmpiW',
'GlobalAlloc',
'GlobalFree',
'FormatMessageW',
'LocalFree',
'GetEnvironmentVariableW',
'VerSetConditionMask',
'VerifyVersionInfoW',
'GetExitCodeProcess',
'FindFirstFileW',
'FindClose',
'CallNamedPipeA',
'EnumResourceNamesW',
'lstrcpynW',
'GetVersion',
'ExpandEnvironmentStringsW',
'LoadLibraryExW',
'OpenEventW',
'lstrcmpW',
'lstrcpyW',
'GetCurrentProcess',
'SuspendThread',
'DeleteFileW',
'CreateThread',
'GetWindowsDirectoryW',
'SetThreadExecutionState',
'SetEvent',
'GetTickCount',
'WinExec',
'GetSystemDirectoryW',
'CreateProcessW',
'WaitForMultipleObjects',
'ResetEvent',
'ProcessIdToSessionId',
'OpenProcess',
'GetCurrentProcessId',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'CreateEventW',
'GetCommandLineW',
'GetComputerNameW',
'OutputDebugStringW',
'GetTempPathW',
'CreateDirectoryW',
'GetSystemTime',
'FreeLibrary',
'DeleteCriticalSection',
'InitializeCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetModuleHandleW',
'LoadLibraryW',
'GetProcAddress',
'SetLastError',
'DestroyWindow',
'SetClassLongPtrW',
'CreateWindowExW',
'CheckRadioButton',
'CheckDlgButton',
'GetDlgItem',
'TranslateMessage',
'DeleteMenu',
'SendInput',
'GetForegroundWindow',
'GetWindowThreadProcessId',
'DispatchMessageW',
'MsgWaitForMultipleObjects',
'SetWindowPos',
'SetDlgItemTextW',
'IsWindow',
'TranslateAcceleratorW',
'LoadAcceleratorsW',
'RegisterWindowMessageW',
'KillTimer',
'ClientToScreen',
'GetMenuState',
'GetMenuItemCount',
'GetClassNameW',
'AppendMenuW',
'CreatePopupMenu',
'wsprintfW',
'IsMenu',
'SetTimer',
'FindWindowExW',
'SetMenuDefaultItem',
'LoadStringW',
'DestroyIcon',
'GetCursorPos',
'TrackPopupMenu',
'LoadMenuW',
'GetSubMenu',
'DestroyMenu',
'SetWinEventHook',
'UnhookWinEvent',
'UnregisterDeviceNotification',
'RegisterDeviceNotificationW',
'RegisterWindowMessageA',
'MessageBoxW',
'GetParent',
'LoadIconW',
'LoadImageW',
'CallWindowProcW',
'GetWindowTextW',
'GetWindowLongW',
'ReleaseDC',
'GetDC',
'GetSystemMetrics',
'EnableMenuItem',
'PostThreadMessageW',
'FindWindowW',
'wvsprintfW',
'GetDesktopWindow',
'InvalidateRect',
'UpdateWindow',
'GetClientRect',
'FillRect',
'EnableWindow',
'PeekMessageW',
'BringWindowToTop',
'GetWindowRect',
'SetForegroundWindow',
'SetCursor',
'LoadCursorW',
'GetSysColor',
'PostMessageW',
'IsRectEmpty',
'SendMessageW',
'GetTextExtentPoint32W',
'GetCurrentObject',
'Polyline',
'GetObjectW',
'CreateFontIndirectW',
'CreateSolidBrush',
'GetOpenFileNameW',
'EnumJobsW',
'OpenPrinterW',
'ClosePrinter',
'GetPrinterW',
'EnumPrintersW',
'CryptEncrypt',
'RegNotifyChangeKeyValue',
'RegCreateKeyExW',
'RegSetValueExW',
'QueryServiceStatus',
'OpenServiceW',
'OpenSCManagerW',
'RegEnumKeyW',
'RegEnumValueW',
'GetUserNameW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'CreateProcessAsUserW',
'DuplicateTokenEx',
'OpenProcessToken',
'CloseEventLog',
'NotifyChangeEventLog',
'OpenEventLogW',
'ReadEventLogW',
'GetOldestEventLogRecord',
'RegDeleteValueW',
'ControlService',
'StartServiceW',
'CryptAcquireContextW',
'CryptReleaseContext',
'RegOpenKeyExA',
'RegSetValueExA',
'RegQueryValueExA',
'RegQueryInfoKeyW',
'RegEnumKeyExW',
'RegDeleteKeyW',
'CryptImportKey',
'CryptDecrypt',
'CryptGetUserKey',
'CryptGenKey',
'CryptExportKey',
'CryptSetProvParam',
'CryptDestroyKey',
'InitializeSecurityDescriptor',
'GetNumberOfEventLogRecords',
'ShellExecuteW',
'SHCreateDirectoryExW',
'SHGetSpecialFolderLocation',
'SHGetPathFromIDListW',
'SHAppBarMessage',
'Shell_NotifyIconW',
'CoInitializeEx',
'CoUninitialize',
'CoCreateInstance',
'VariantTimeToSystemTime',
'SystemTimeToVariantTime',
'SysAllocString',
'SysFreeString',
'VarBstrFromDate',
'?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'BalloonTooltip_Delete',
'BalloonTooltip_Create',
'BalloonTooltip_Move',
'BalloonTooltip_RegisterClass',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'GetFileVersionInfoW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 24,
'NumberOfImportFunctions': 537,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 36740,
'StackReserveSize': 1048576,
'filename': './data/malware/2b77bcec314435ec275eca22642dbd15685d4c3350d83a4d775fe2a8641d5c45'},
'2bb6ba2a3011b5820bc30a7986fbb3356cfdd92f6287264d51139a12c59f68c3': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3488,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/2bb6ba2a3011b5820bc30a7986fbb3356cfdd92f6287264d51139a12c59f68c3'},
'2c35d36fbef41f51fce55dbe751bd3a2307e70c0ae055f58eb20271cdb5036fa': {'AddressOfEntryPoint': 1073792093,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['UnmapViewOfFile',
'CloseHandle',
'OpenEventA',
'MapViewOfFile',
'OpenFileMappingA',
'MultiByteToWideChar',
'lstrlenA',
'OpenProcess',
'SetEvent',
'WaitForSingleObject',
'GetLastError',
'CreateMutexA',
'GetCommandLineA',
'HeapFree',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleHandleW',
'Sleep',
'GetProcAddress',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapAlloc',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapSize',
'GetLocaleInfoA',
'HeapReAlloc',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetModuleFileNameExA',
'EnumProcessModules'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 71,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 1436,
'StackReserveSize': 1048576,
'filename': './data/malware/2c35d36fbef41f51fce55dbe751bd3a2307e70c0ae055f58eb20271cdb5036fa'},
'2c8f21f584a3803463d2584785b85f483f5c14abd910bae289430ed2c6ce5e36': {'AddressOfEntryPoint': 1074000701,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 176128,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumKeyExW',
'CRYPT32.dll': 'CryptMsgClose',
'KERNEL32.dll': 'HeapFree',
'PSAPI.DLL': 'GetModuleFileNameExW',
'SHELL32.dll': 'ShellExecuteExW',
'SHLWAPI.dll': 'StrStrIW',
'VERSION.dll': 'VerQueryValueA',
'WINTRUST.dll': 'WTHelperGetProvSignerFromChain',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['ShellExecuteExW',
'GetModuleFileNameExW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegOpenKeyExA',
'RegSetValueExW',
'RegCreateKeyExW',
'RegDeleteKeyW',
'RegQueryValueExA',
'RegEnumKeyExW',
'StrStrIW',
'CoInitialize',
'CoCreateInstance',
'WTHelperProvDataFromStateData',
'WTHelperGetProvSignerFromChain',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'CloseHandle',
'OpenProcess',
'GetModuleFileNameW',
'GetCurrentProcess',
'UnmapViewOfFile',
'MapViewOfFile',
'OpenFileMappingA',
'GetLongPathNameW',
'ExpandEnvironmentStringsW',
'GetVersionExA',
'GetLastError',
'CreateProcessW',
'GetFileAttributesW',
'FindClose',
'FindFirstFileW',
'GetWindowsDirectoryW',
'FreeLibrary',
'LoadLibraryA',
'GetWindowsDirectoryA',
'MultiByteToWideChar',
'lstrlenA',
'lstrcmpA',
'SetLastError',
'LoadLibraryW',
'lstrlenW',
'GetFileType',
'CreateFileA',
'LocalFree',
'GetSystemTime',
'FormatMessageW',
'GetCurrentThreadId',
'OutputDebugStringA',
'ReadFile',
'SetFilePointer',
'GetACP',
'WriteFile',
'GetFileSize',
'CreateFileW',
'CreateMutexA',
'WaitForSingleObject',
'ReleaseMutex',
'InitializeCriticalSectionAndSpinCount',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'TlsGetValue',
'TlsSetValue',
'HeapAlloc',
'GetProcessHeap',
'GetProcAddress',
'OpenThread',
'TlsAlloc',
'TlsFree',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'GetCurrentProcessId',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetFileSizeEx',
'SetFilePointerEx',
'DeviceIoControl',
'GetSystemTimeAsFileTime',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetCommandLineA',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapReAlloc',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetOEMCP',
'IsValidCodePage',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'HeapSize',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'FlushFileBuffers',
'WideCharToMultiByte',
'HeapFree',
'CertGetNameStringA',
'CertGetNameStringW',
'CertGetCertificateContextProperty',
'CertCloseStore',
'CryptMsgUpdate',
'CryptMsgOpenToDecode',
'CertOpenStore',
'CryptMsgClose'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 139,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 15664,
'StackReserveSize': 1048576,
'filename': './data/malware/2c8f21f584a3803463d2584785b85f483f5c14abd910bae289430ed2c6ce5e36'},
'2ccab21121df27e4297f3d669f2b21267f1f3211e8fe09cf665024001ec53b75': {'AddressOfEntryPoint': 86700,
'DebugRVA': 686356,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 785988,
'ExportSize': 89,
'IATRVA': 688128,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 517168,
'SectionNames': {'.data\x00\x00\x00': 12800,
'.pdata\x00\x00': 47616,
'.rdata\x00\x00': 202752,
'.reloc\x00\x00': 10752,
'.rsrc\x00\x00\x00': 517632,
'.text\x00\x00\x00': 682496},
'StackReserveSize': 524288,
'filename': './data/malware/2ccab21121df27e4297f3d669f2b21267f1f3211e8fe09cf665024001ec53b75'},
'2cf12dfc7d2db4ab5383592293a929a3d73850a5957fcc330ac80320ebb43a8d': {'AddressOfEntryPoint': 510204,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 593920,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetAclInformation',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAccessData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'EnumWindows',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'WaitForSingleObject',
'HeapFree',
'GetProcessHeap',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'CreateThread',
'GetLocalTime',
'CompareStringW',
'CompareStringA',
'WriteFile',
'GetStdHandle',
'CreatePipe',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetProcAddress',
'LoadLibraryW',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'InitializeCriticalSectionAndSpinCount',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'SetStdHandle',
'LCMapStringW',
'LCMapStringA',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'OutputDebugStringW',
'SetEnvironmentVariableA',
'IsCharAlphaNumericW',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'OpenClipboard',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'GetClipboardData',
'TrackPopupMenuEx',
'IsClipboardFormatAvailable',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'SystemParametersInfoW',
'DispatchMessageW',
'EnumWindows',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'LineTo',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetSecurityDescriptorDacl',
'GetAce',
'AddAce',
'GetAclInformation',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'VarR8FromDec',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'SafeArrayAccessData'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 92872,
'SectionNames': {'.data\x00\x00\x00': 18432,
'.pdata\x00\x00': 17408,
'.rdata\x00\x00': 79360,
'.rsrc\x00\x00\x00': 93184,
'.text\x00\x00\x00': 588800},
'StackReserveSize': 4194304,
'filename': './data/malware/2cf12dfc7d2db4ab5383592293a929a3d73850a5957fcc330ac80320ebb43a8d'},
'2cf222d489e7a9a44ec6dfa5e928e3a6b58226c31a7fe9d9230384446f955607': {'AddressOfEntryPoint': 1073758637,
'DebugRVA': 12896,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'KERNEL32.dll': 'GetSystemTimeAsFileTime',
'MSVCR80.dll': '_XcptFilter',
'SHELL32.dll': 'CommandLineToArgvW',
'SHLWAPI.dll': 'StrCmpNW'},
'ImportedFunctions': ['GetVersionExW',
'GetFileAttributesW',
'GetCurrentProcess',
'GetModuleFileNameW',
'LoadLibraryExW',
'FreeLibrary',
'LocalFree',
'GetProcAddress',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetStartupInfoW',
'Sleep',
'GetSystemTimeAsFileTime',
'RegDeleteValueW',
'RegSetValueExW',
'RegCloseKey',
'RegOpenKeyExW',
'ShellExecuteExW',
'CommandLineToArgvW',
'PathFileExistsW',
'StrCmpIW',
'StrCpyW',
'PathRemoveFileSpecW',
'StrCatW',
'StrCatBuffW',
'StrCmpNW',
'wcscat_s',
'wcsstr',
'memset',
'_amsg_exit',
'__wgetmainargs',
'__C_specific_handler',
'wcsrchr',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'_encode_pointer',
'__set_app_type',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'wcslen',
'wcscpy_s',
'_XcptFilter'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 64,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 432,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 3584,
'.text\x00\x00\x00': 4608,
'7V\x00\x00c\x00\x00\x00': 512},
'StackReserveSize': 1048576,
'filename': './data/malware/2cf222d489e7a9a44ec6dfa5e928e3a6b58226c31a7fe9d9230384446f955607'},
'2d0aba272b39e942344931beb1469229285ea1e23bf8ee1038b8d32ba2e8db86': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3484,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/2d0aba272b39e942344931beb1469229285ea1e23bf8ee1038b8d32ba2e8db86'},
'2d14147c131afd39db6f868a0bf7d5ab5697b5eae497af5170c31d83287a855d': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 196020,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 196096,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/2d14147c131afd39db6f868a0bf7d5ab5697b5eae497af5170c31d83287a855d'},
'2d726abd9e0bc3716f86141015eab7379689115223662f943d7579f9c683d3cc': {'AddressOfEntryPoint': 24716,
'DebugRVA': 8240,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': 'RtlInitUnicodeString'},
'ImportedFunctions': ['IoCreateFile',
'ZwClose',
'DbgPrint',
'KeBugCheckEx',
'RtlInitUnicodeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 5,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 912,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 512,
'INIT\x00\x00\x00\x00': 1024,
'PAGE\x00\x00\x00\x00': 512},
'StackReserveSize': 262144,
'filename': './data/malware/2d726abd9e0bc3716f86141015eab7379689115223662f943d7579f9c683d3cc'},
'2dde31dbb7090df38972b3d577d71c16b799e5d1f58d6bdc0fad0b588f4dd886': {'AddressOfEntryPoint': 4206,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 125104,
'ImageBase': 5368709120,
'ImageVersion': 4,
'ImportedDLL': {'KERNEL32.dll': 'GetModuleHandleW'},
'ImportedFunctions': ['VirtualAlloc',
'MapViewOfFile',
'GetModuleHandleW'],
'LinkerVersion': 6,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 3,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.bss\x00\x00\x00\x00': 48128,
'.reloc\x00\x00': 1024,
'.text\x00\x00\x00': 72704,
'CRT\x00\x00\x00\x00\x00': 46080},
'StackReserveSize': 1048576,
'filename': './data/malware/2dde31dbb7090df38972b3d577d71c16b799e5d1f58d6bdc0fad0b588f4dd886'},
'2deb9d002aeb1f3f12a3104f1aa71d038b3a0ca354d45ac13e35d4836cb3add9': {'AddressOfEntryPoint': 1074048477,
'DebugRVA': 186944,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 184320,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'ExtTextOutA',
'KERNEL32.dll': 'GetLastError',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'DragQueryFileA',
'SHLWAPI.dll': 'PathFindExtensionA',
'USER32.dll': 'EnableMenuItem',
'WINSPOOL.DRV': 'ClosePrinter'},
'ImportedFunctions': ['HeapAlloc',
'HeapFree',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'Sleep',
'RaiseException',
'RtlPcToFileHeader',
'HeapQueryInformation',
'HeapReAlloc',
'HeapSize',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetStartupInfoA',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'InitializeCriticalSectionAndSpinCount',
'GetACP',
'IsValidCodePage',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'GetCommandLineA',
'GetModuleHandleW',
'SetErrorMode',
'CreateFileA',
'GetCurrentProcess',
'FlushFileBuffers',
'SetFilePointer',
'WriteFile',
'GetOEMCP',
'GetCPInfo',
'FormatMessageA',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalFree',
'LocalAlloc',
'GlobalFlags',
'GlobalFree',
'WritePrivateProfileStringA',
'lstrlenA',
'GlobalUnlock',
'GetCurrentProcessId',
'CloseHandle',
'GetModuleFileNameW',
'GlobalGetAtomNameA',
'GlobalAddAtomA',
'GlobalFindAtomA',
'SetLastError',
'MultiByteToWideChar',
'lstrcmpW',
'GetVersionExA',
'GlobalDeleteAtom',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'WideCharToMultiByte',
'CompareStringA',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'GlobalLock',
'lstrcmpA',
'GlobalAlloc',
'GetModuleHandleA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'CreateProcessA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetEnvironmentStringsW',
'GetLastError',
'GetWindowDC',
'ReleaseDC',
'GetDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'FillRect',
'SetWindowTextA',
'UnpackDDElParam',
'ReuseDDElParam',
'LoadMenuA',
'DestroyMenu',
'ReleaseCapture',
'LoadAcceleratorsA',
'InvalidateRect',
'InsertMenuItemA',
'CreatePopupMenu',
'SetRectEmpty',
'BringWindowToTop',
'ShowWindow',
'TranslateAcceleratorA',
'GetWindowThreadProcessId',
'IsWindowEnabled',
'ShowOwnedPopups',
'SetCursor',
'GetMessageA',
'TranslateMessage',
'GetActiveWindow',
'ValidateRect',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapA',
'ModifyMenuA',
'GetMenuState',
'CheckMenuItem',
'RegisterWindowMessageA',
'WinHelpA',
'GetCapture',
'SetWindowsHookExA',
'CallNextHookEx',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'GetFocus',
'IsWindow',
'SetFocus',
'GetWindowTextA',
'GetForegroundWindow',
'GetLastActivePopup',
'SetActiveWindow',
'DispatchMessageA',
'BeginDeferWindowPos',
'EndDeferWindowPos',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageA',
'MapWindowPoints',
'TrackPopupMenu',
'FindWindowA',
'LoadIconA',
'LoadCursorA',
'GetDesktopWindow',
'GetKeyState',
'SetMenu',
'EnableWindow',
'SetForegroundWindow',
'IsWindowVisible',
'UpdateWindow',
'GetClientRect',
'GetSubMenu',
'UnregisterClassA',
'GetSysColorBrush',
'GetMenuItemInfoA',
'InflateRect',
'GetCursorPos',
'PostQuitMessage',
'PostMessageA',
'GetWindow',
'GetSystemMetrics',
'GetWindowRect',
'GetWindowPlacement',
'IsIconic',
'SystemParametersInfoA',
'IntersectRect',
'OffsetRect',
'SetWindowPos',
'SetWindowLongA',
'GetWindowLongA',
'GetMenu',
'CallWindowProcA',
'DefWindowProcA',
'SendMessageA',
'GetDlgCtrlID',
'PtInRect',
'GetMenuItemID',
'GetMenuItemCount',
'MessageBoxA',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'GetSysColor',
'AdjustWindowRectEx',
'GetParent',
'ScreenToClient',
'EqualRect',
'DeferWindowPos',
'CopyRect',
'EnableMenuItem',
'DeleteDC',
'CreatePatternBrush',
'GetStockObject',
'GetDeviceCaps',
'CreateSolidBrush',
'CreateFontIndirectA',
'GetTextExtentPoint32A',
'TextOutA',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'RectVisible',
'PtVisible',
'GetPixel',
'BitBlt',
'DeleteObject',
'SetMapMode',
'SetBkMode',
'RestoreDC',
'SaveDC',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'CreateBitmap',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'ExtTextOutA',
'DocumentPropertiesA',
'OpenPrinterA',
'ClosePrinter',
'RegSetValueExA',
'RegCreateKeyExA',
'RegQueryValueA',
'RegOpenKeyA',
'RegEnumKeyA',
'RegDeleteKeyA',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'DragFinish',
'DragQueryFileA',
'PathFindFileNameA',
'PathFindExtensionA',
'VariantClear',
'VariantChangeType',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 283,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 40348,
'StackReserveSize': 1048576,
'filename': './data/malware/2deb9d002aeb1f3f12a3104f1aa71d038b3a0ca354d45ac13e35d4836cb3add9'},
'2debe67a9d687500e6a82b4896301429280435bb5225bd90abae4e7cb85458a5': {'AddressOfEntryPoint': 1073802077,
'DebugRVA': 33936,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'HTTPAPI.dll': 'HttpReceiveHttpRequest',
'IPHLPAPI.DLL': 'SendARP',
'KERNEL32.dll': 'SetUnhandledExceptionFilter',
'MSVCP80.dll': '??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ',
'MSVCR80.dll': 'memset',
'USER32.dll': 'SendMessageW',
'WS2_32.dll': 'inet_addr',
'ole32.dll': 'CoInitializeEx'},
'ImportedFunctions': ['CloseHandle',
'CancelIo',
'InitializeCriticalSection',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'OpenFileMappingW',
'OpenSemaphoreW',
'MapViewOfFile',
'CreateEventW',
'CancelIoEx',
'GetLastError',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'TerminateProcess',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'OpenMutexW',
'ReleaseSemaphore',
'SetEvent',
'OpenProcess',
'SetThreadPriority',
'Sleep',
'OutputDebugStringW',
'WaitForSingleObject',
'HeapAlloc',
'GetProcessHeap',
'ResetEvent',
'OpenEventW',
'UnmapViewOfFile',
'HeapFree',
'GetSystemTimeAsFileTime',
'WaitForMultipleObjects',
'SetUnhandledExceptionFilter',
'PostMessageW',
'SendMessageW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegOpenKeyExW',
'RegCloseKey',
'CoUninitialize',
'CoInitializeEx',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAHPEB_W@Z',
'??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@_W@Z',
'??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z',
'??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAAEB_W_K@Z',
'??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z',
'??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z',
'??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z',
'??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ',
'_onexit',
'_decode_pointer',
'?terminate@@YAXXZ',
'_amsg_exit',
'__wgetmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_lock',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'__crt_debugger_hook',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'_encode_pointer',
'__dllonexit',
'_unlock',
'__C_specific_handler',
'_stricmp',
'swscanf_s',
'??0exception@std@@QEAA@AEBQEBD@Z',
'_invalid_parameter_noinfo',
'wprintf',
'_beginthreadex',
'??_V@YAXPEAX@Z',
'memmove_s',
'??2@YAPEAX_K@Z',
'memcpy_s',
'?what@exception@std@@UEBAPEBDXZ',
'strcpy_s',
'??1exception@std@@UEAA@XZ',
'vswprintf_s',
'??0exception@std@@QEAA@XZ',
'??0exception@std@@QEAA@AEBV01@@Z',
'sprintf_s',
'??3@YAXPEAX@Z',
'__CxxFrameHandler3',
'_CxxThrowException',
'__winitenv',
'memset',
'HttpRemoveUrlFromUrlGroup',
'HttpCloseUrlGroup',
'HttpCloseServerSession',
'HttpSetUrlGroupProperty',
'HttpTerminate',
'HttpSendHttpResponse',
'HttpSendResponseEntityBody',
'HttpAddUrlToUrlGroup',
'HttpCreateRequestQueue',
'HttpCreateUrlGroup',
'HttpCreateServerSession',
'HttpCloseRequestQueue',
'HttpInitialize',
'HttpReceiveHttpRequest',
'SendARP',
'inet_ntoa',
'inet_addr'],
'LinkerVersion': 8,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 129,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1432,
'SectionNames': {'\x19\x05\x01\x00c\x00\x00\x00': 1536,
'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 21504,
'.text\x00\x00\x00': 27648},
'StackReserveSize': 1048576,
'filename': './data/malware/2debe67a9d687500e6a82b4896301429280435bb5225bd90abae4e7cb85458a5'},
'2df9b94ab21d882f6c9caffcf03dfd910786fcf62ec2dd161a1fe435c0d7a9a4': {'AddressOfEntryPoint': 33652,
'DebugRVA': 8656,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltGetBottomInstance',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['RtlCompareUnicodeString',
'RtlInitUnicodeString',
'ZwOpenProcess',
'IoDeleteDevice',
'ZwReadFile',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'KeBugCheckEx',
'IoAttachDeviceToDeviceStackSafe',
'ZwClose',
'ExInitializeNPagedLookasideList',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateWorkItem',
'ExFreePoolWithTag',
'ExAllocatePool',
'IoRegisterFsRegistrationChange',
'ExDeleteNPagedLookasideList',
'ExAllocatePoolWithTag',
'IoThreadToProcess',
'PsGetProcessId',
'IoUnregisterFsRegistrationChange',
'IoDetachDevice',
'ExQueueWorkItem',
'ZwWriteFile',
'KeReleaseSpinLock',
'IoQueueWorkItem',
'IoCreateDevice',
'ObfDereferenceObject',
'IoFreeWorkItem',
'ZwQueryInformationProcess',
'__C_specific_handler',
'FltGetFileNameInformation',
'FltCancelFileOpen',
'FltClose',
'FltAttachVolume',
'FltCreateFile',
'FltGetVolumeFromName',
'FltSendMessage',
'FltFreeSecurityDescriptor',
'FltStartFiltering',
'FltGetVolumeFromDeviceObject',
'FltReleaseFileNameInformation',
'FltRegisterFilter',
'FltGetDeviceObject',
'FltObjectDereference',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCreateCommunicationPort',
'FltCloseCommunicationPort',
'FltEnumerateVolumes',
'FltUnregisterFilter',
'FltCloseClientPort',
'FltGetBottomInstance'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 3072,
'INIT\x00\x00\x00\x00': 3072,
'PAGE\x00\x00\x00\x00': 11264},
'StackReserveSize': 262144,
'filename': './data/malware/2df9b94ab21d882f6c9caffcf03dfd910786fcf62ec2dd161a1fe435c0d7a9a4'},
'2e06d0ebc006b7abb206a5e3ecb56cb3162404656eaaafe95c2b95bec7669669': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 398296,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 398336,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/2e06d0ebc006b7abb206a5e3ecb56cb3162404656eaaafe95c2b95bec7669669'},
'2e1738364af0008c3adf761818a88d004402d87f96639681b47fa66adba2f4ea': {'AddressOfEntryPoint': 94784,
'DebugRVA': 162000,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 159744,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'COMCTL32.dll': 'ImageList_Create',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'WriteConsoleA',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'SHBrowseForFolderW',
'USER32.dll': 'LoadMenuW',
'VERSION.dll': 'GetFileVersionInfoW',
'comdlg32.dll': 'FindTextW',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['CreateToolbarEx',
'CreateStatusWindowW',
'ImageList_SetImageCount',
'ImageList_AddMasked',
'ImageList_Create',
'VerQueryValueW',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'GetSystemDirectoryW',
'lstrlenW',
'lstrcpyW',
'LockResource',
'WideCharToMultiByte',
'GetCommandLineW',
'GlobalUnlock',
'GetTempPathW',
'GetLocaleInfoW',
'CreateDirectoryW',
'GetDateFormatW',
'GetTempFileNameW',
'GlobalLock',
'SizeofResource',
'GetLastError',
'FormatMessageW',
'GetFileSize',
'GetVersionExW',
'GetModuleHandleW',
'SetFilePointer',
'GetTimeFormatW',
'SetFileTime',
'GetFileAttributesW',
'WriteFile',
'ReadFile',
'GetModuleFileNameW',
'CloseHandle',
'CreateFileW',
'GetWindowsDirectoryW',
'FindResourceW',
'WritePrivateProfileStringW',
'GetPrivateProfileIntW',
'EnumResourceNamesW',
'GetPrivateProfileStringW',
'GetStdHandle',
'SetErrorMode',
'CreateProcessW',
'DeleteFileW',
'RemoveDirectoryW',
'ReadProcessMemory',
'ExitProcess',
'GetCurrentProcessId',
'GetCurrentProcess',
'RaiseException',
'LocalFileTimeToFileTime',
'OpenProcess',
'TerminateProcess',
'EnumResourceTypesW',
'FlushFileBuffers',
'CreateFileA',
'WriteConsoleW',
'GetConsoleOutputCP',
'LoadLibraryExW',
'SetStdHandle',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'InitializeCriticalSection',
'LoadLibraryA',
'HeapReAlloc',
'LeaveCriticalSection',
'EnterCriticalSection',
'GetConsoleMode',
'GetConsoleCP',
'RtlVirtualUnwind',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'DeleteCriticalSection',
'GetStartupInfoA',
'GetFileType',
'SetHandleCount',
'GetCommandLineA',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetModuleFileNameA',
'HeapDestroy',
'HeapCreate',
'HeapSetInformation',
'LCMapStringW',
'LCMapStringA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'HeapSize',
'Sleep',
'FlsAlloc',
'GetCurrentThreadId',
'SetLastError',
'FlsFree',
'TlsFree',
'FlsSetValue',
'FlsGetValue',
'GetModuleHandleA',
'RtlCaptureContext',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'RtlPcToFileHeader',
'RtlUnwindEx',
'FileTimeToLocalFileTime',
'RtlLookupFunctionEntry',
'GetStartupInfoW',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'lstrlenA',
'CompareFileTime',
'GetLocalTime',
'SystemTimeToFileTime',
'FreeLibrary',
'LoadLibraryW',
'GetNumberFormatW',
'MultiByteToWideChar',
'GlobalAlloc',
'LocalFree',
'LoadResource',
'GetProcAddress',
'FileTimeToSystemTime',
'WriteConsoleA',
'DrawTextExW',
'IsDialogMessageW',
'PostQuitMessage',
'TrackPopupMenu',
'RegisterWindowMessageW',
'LoadCursorW',
'ShowWindow',
'GetSysColorBrush',
'ChildWindowFromPoint',
'SetCursor',
'GetMessageW',
'SetDlgItemTextW',
'BeginPaint',
'GetDlgItemTextW',
'GetClientRect',
'GetSystemMetrics',
'DeferWindowPos',
'CreateWindowExW',
'DestroyIcon',
'LoadIconW',
'SetWindowPos',
'LoadStringW',
'EnumChildWindows',
'DialogBoxParamW',
'CreateDialogParamW',
'GetParent',
'DestroyMenu',
'GetDlgCtrlID',
'GetMenuItemInfoW',
'ModifyMenuW',
'GetWindowTextW',
'DestroyWindow',
'GetMenu',
'CloseClipboard',
'MapWindowPoints',
'EnableWindow',
'GetSysColor',
'SetClipboardData',
'GetCursorPos',
'GetMenuStringW',
'CheckMenuRadioItem',
'CheckMenuItem',
'GetMenuItemCount',
'MoveWindow',
'OpenClipboard',
'GetClassNameW',
'ReleaseDC',
'GetSubMenu',
'EnableMenuItem',
'GetDC',
'EmptyClipboard',
'EndDeferWindowPos',
'BeginDeferWindowPos',
'SetFocus',
'GetWindowLongW',
'SetWindowLongW',
'LoadImageW',
'PeekMessageW',
'TranslateMessage',
'DispatchMessageW',
'SetMenu',
'SetWindowPlacement',
'TranslateAcceleratorW',
'MessageBoxW',
'RegisterClassW',
'SendMessageW',
'PostMessageW',
'DefWindowProcW',
'LoadAcceleratorsW',
'GetWindowPlacement',
'UpdateWindow',
'SetWindowTextW',
'SetDlgItemInt',
'DrawFrameControl',
'GetWindow',
'EndPaint',
'InvalidateRect',
'GetDlgItemInt',
'GetDlgItem',
'GetWindowRect',
'EndDialog',
'SendDlgItemMessageW',
'LoadMenuW',
'SetBkMode',
'SetTextColor',
'CreateFontIndirectW',
'SelectObject',
'GetDeviceCaps',
'GetTextExtentPoint32W',
'GetStockObject',
'SetBkColor',
'DeleteObject',
'GetSaveFileNameW',
'FindTextW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHGetFileInfoW',
'ShellExecuteW',
'SHBrowseForFolderW',
'CoUninitialize',
'CoInitialize',
'WriteClassStg',
'StgCreateDocfile',
'CoCreateInstance',
'VariantClear',
'SysAllocString',
'SysFreeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 239,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 19152,
'SectionNames': {'.data\x00\x00\x00': 7680,
'.pdata\x00\x00': 7680,
'.rdata\x00\x00': 32768,
'.rsrc\x00\x00\x00': 19456,
'.text\x00\x00\x00': 153600},
'StackReserveSize': 1048576,
'filename': './data/malware/2e1738364af0008c3adf761818a88d004402d87f96639681b47fa66adba2f4ea'},
'2e9532ca86fbaa19de9b8e529ed10adf791064fcc56f9b1d86e907c4bd9b1a77': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 209368,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 209408,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/2e9532ca86fbaa19de9b8e529ed10adf791064fcc56f9b1d86e907c4bd9b1a77'},
'2ea7ba53f55d1abcfb6e7b14c0b36ebc72ff38b4d1ec3603e1cabbcc752e86c0': {'AddressOfEntryPoint': 114808,
'DebugRVA': 6352,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMCTL32.dll': 'InitCommonControlsEx',
'CRYPT32.dll': 'CertVerifyCertificateChainPolicy',
'GDI32.dll': 'CreateFontIndirectW',
'KERNEL32.dll': 'GetModuleFileNameW',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'SHCreateDirectoryExW',
'SHLWAPI.dll': 'SHSetValueW',
'USER32.dll': 'LoadStringW',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoW',
'WINTRUST.dll': 'WTHelperProvDataFromStateData',
'msvcrt.dll': '__getmainargs',
'ntdll.dll': 'RtlCaptureContext',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['RegDeleteKeyW',
'RegEnumValueW',
'RegOpenKeyExW',
'RegCloseKey',
'CloseServiceHandle',
'OpenSCManagerW',
'OpenServiceW',
'QueryServiceStatusEx',
'OpenProcessToken',
'DuplicateTokenEx',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'GetTempFileNameW',
'FindFirstFileW',
'FindResourceExW',
'SetEnvironmentVariableW',
'CreateDirectoryW',
'InitializeCriticalSectionAndSpinCount',
'GetVersionExW',
'MoveFileW',
'FindClose',
'RemoveDirectoryW',
'FindNextFileW',
'GetUserDefaultUILanguage',
'GetWindowsDirectoryW',
'DeleteFileW',
'WaitForSingleObject',
'SetEvent',
'GetTickCount',
'InitializeCriticalSection',
'GetSystemDirectoryW',
'Sleep',
'FormatMessageW',
'GetExitCodeProcess',
'CreateEventW',
'WaitForMultipleObjects',
'CreateThread',
'lstrcmpiW',
'FreeLibrary',
'GetCurrentProcess',
'CreateProcessW',
'OpenProcess',
'LoadLibraryW',
'GetProcAddress',
'SetFilePointer',
'WriteFile',
'CreateFileW',
'FlushFileBuffers',
'SetLastError',
'GetLocalTime',
'MoveFileExW',
'GetTempPathW',
'SetProcessShutdownParameters',
'SetFileAttributesW',
'EnumResourceNamesW',
'LocalAlloc',
'GetLocaleInfoW',
'SizeofResource',
'EnumUILanguagesW',
'LockResource',
'EnumResourceLanguagesW',
'MulDiv',
'RaiseException',
'GetSystemDefaultLangID',
'GetUserDefaultLangID',
'GetCurrentDirectoryW',
'GetSystemInfo',
'ExpandEnvironmentStringsW',
'LocalFree',
'CloseHandle',
'GetModuleHandleW',
'DeleteCriticalSection',
'GetCommandLineW',
'CreateMutexW',
'GlobalMemoryStatusEx',
'FindResourceW',
'ResumeThread',
'CreateFileMappingW',
'IsWow64Process',
'MapViewOfFile',
'UnhandledExceptionFilter',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'OutputDebugStringA',
'GetStartupInfoW',
'GetEnvironmentVariableW',
'lstrlenA',
'lstrcmpiA',
'lstrlenW',
'WideCharToMultiByte',
'GetVersionExA',
'GetLastError',
'LoadResource',
'EnterCriticalSection',
'OutputDebugStringW',
'LeaveCriticalSection',
'TerminateProcess',
'GetModuleFileNameW',
'GetDeviceCaps',
'GetObjectW',
'SetTextColor',
'CreateFontIndirectW',
'SetDlgItemTextW',
'GetSysColorBrush',
'ShowWindow',
'SendDlgItemMessageW',
'EndDialog',
'GetDlgItem',
'LoadIconW',
'IsDialogMessageW',
'TranslateMessage',
'KillTimer',
'PostMessageW',
'LoadImageW',
'PostQuitMessage',
'GetMessageW',
'SetTimer',
'DestroyWindow',
'GetWindowThreadProcessId',
'CopyRect',
'SetWindowPos',
'GetDesktopWindow',
'SystemParametersInfoW',
'BringWindowToTop',
'OffsetRect',
'SetForegroundWindow',
'GetWindowRect',
'CharToOemW',
'ExitWindowsEx',
'ReleaseDC',
'GetDC',
'CreateDialogParamW',
'SendMessageW',
'UpdateWindow',
'GetDlgCtrlID',
'UnregisterClassA',
'DispatchMessageW',
'CharNextW',
'FindWindowW',
'LoadStringW',
'_XcptFilter',
'_fileno',
'_read',
'__pioinfo',
'__badioinfo',
'wcstombs',
'iswctype',
'ferror',
'wctomb',
'_itoa',
'_snprintf',
'_iob',
'localeconv',
'isxdigit',
'calloc',
'malloc',
'__C_specific_handler',
'memset',
'free',
'_exit',
'_errno',
'_wcsicmp',
'_ismbblead',
'_cexit',
'exit',
'_acmdln',
'??2@YAPEAX_K@Z',
'_vsnwprintf',
'??_V@YAXPEAX@Z',
'??_U@YAPEAX_K@Z',
'iswdigit',
'_wtol',
'iswalpha',
'_wcsnicmp',
'wcschr',
'??3@YAXPEAX@Z',
'isleadbyte',
'__mb_cur_max',
'mbtowc',
'isdigit',
'_initterm',
'ungetc',
'?terminate@@YAXXZ',
'_isatty',
'_write',
'_lseeki64',
'??1type_info@@UEAA@XZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'realloc',
'_CxxThrowException',
'memcpy',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'__getmainargs',
'InitCommonControlsEx',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'CoInitializeEx',
'CoCreateInstance',
'CoSetProxyBlanket',
'CLSIDFromString',
'CoTaskMemFree',
'CoUninitialize',
'SysAllocString',
'SysStringLen',
'VariantClear',
'VariantInit',
'SysReAllocString',
'SysAllocStringLen',
'SysStringByteLen',
'SysFreeString',
'SHGetFolderPathW',
'CommandLineToArgvW',
'SHCreateDirectoryExW',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'GetFileVersionInfoW',
'PathIsRelativeW',
'SHDeleteKeyW',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'PathRemoveExtensionW',
'PathFindFileNameW',
'PathFileExistsW',
'PathFindExtensionW',
'SHRegSetUSValueW',
'SHGetValueW',
'PathStripPathW',
'StrChrW',
'SHRegGetUSValueW',
'SHRegGetValueW',
'PathIsFileSpecW',
'StrCmpNIW',
'SHSetValueW',
'IsThemeActive',
'CertVerifyCertificateChainPolicy',
'WTHelperGetProvSignerFromChain',
'WinVerifyTrust',
'WTHelperProvDataFromStateData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 249,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 384368,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 384512,
'.text\x00\x00\x00': 141824},
'StackReserveSize': 524288,
'filename': './data/malware/2ea7ba53f55d1abcfb6e7b14c0b36ebc72ff38b4d1ec3603e1cabbcc752e86c0'},
'2f02a820c591f5c915ae5ab612362848b2a0b48be22529641d732030c66aa73e': {'AddressOfEntryPoint': 166787,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventWrite',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'SetBkColor',
'KERNEL32.dll': 'InitializeCriticalSection',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'DestroyWindow',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoExW',
'WINMM.dll': 'timeGetTime',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'msvcrt.dll': '_wcsrev',
'ntdll.dll': 'NtQueryLicenseValue',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['SHGetSpecialFolderPathW',
'SHGetFolderPathW',
'ShellAboutW',
'ShellExecuteExW',
'GdipCloneImage',
'GdipCreateBitmapFromScan0',
'GdipCreateHBITMAPFromBitmap',
'GdipCreateFromHDC',
'GdipDrawImageRectI',
'GdipCreateBitmapFromHBITMAP',
'GdipCloneBitmapAreaI',
'GdipSetPageUnit',
'GdipFillRectangleI',
'GdipDeletePen',
'GdipCreatePen1',
'GdipDisposeImage',
'GdipCreateSolidFill',
'GdipDeleteBrush',
'GdipAlloc',
'GdipFree',
'GdiplusShutdown',
'GdiplusStartup',
'GdipDrawArcI',
'GdipSetSmoothingMode',
'GdipSetInterpolationMode',
'GdipDeleteGraphics',
'GdipDrawLineI',
'GdipGetImageGraphicsContext',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegEnumValueW',
'RegGetValueW',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSetValueExW',
'QueryServiceConfigW',
'OpenServiceW',
'OpenSCManagerW',
'CloseServiceHandle',
'EventUnregister',
'EventRegister',
'RegCloseKey',
'RegCreateKeyExW',
'EventWrite',
'SysFreeString',
'SysAllocStringByteLen',
'VariantClear',
'SysStringLen',
'SysAllocString',
'VariantInit',
'IsThemeActive',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Add',
'CreatePropertySheetPageW',
'PropertySheetW',
'WinSqmAddToStreamEx',
'RtlInitUnicodeString',
'WinSqmAddToStream',
'WinSqmIncrementDWORD',
'NtQueryLicenseValue',
'lstrlenA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'WideCharToMultiByte',
'GetVersionExA',
'DeleteCriticalSection',
'GetCurrentProcessId',
'LeaveCriticalSection',
'GetModuleHandleW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'GetSystemTime',
'WaitForSingleObject',
'CreateEventW',
'CreateThread',
'ResetEvent',
'SetEvent',
'CloseHandle',
'GlobalSize',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrcmpW',
'MulDiv',
'GlobalFindAtomW',
'GetLastError',
'MultiByteToWideChar',
'GetLocalTime',
'GetDateFormatW',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'lstrcmpiW',
'LoadLibraryW',
'GetProcAddress',
'GetLocaleInfoEx',
'FreeLibrary',
'LoadLibraryExA',
'DelayLoadFailureHook',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GetProcessHeap',
'Wow64DisableWow64FsRedirection',
'GetVersionExW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'LocalFree',
'LocalAlloc',
'LocalReAlloc',
'GetProfileStringW',
'lstrlenW',
'CompareStringW',
'RegisterApplicationRecoveryCallback',
'ApplicationRecoveryInProgress',
'Sleep',
'ApplicationRecoveryFinished',
'RegisterApplicationRestart',
'GetTempFileNameW',
'SystemTimeToFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'CreateFileW',
'DeleteFileW',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'RaiseException',
'EnterCriticalSection',
'InitializeCriticalSection',
'SetWindowLongW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'EnableWindow',
'GetWindowTextLengthW',
'GetWindowTextW',
'PostMessageW',
'IsWindowEnabled',
'CharNextA',
'IsClipboardFormatAvailable',
'GetMenuState',
'GetFocus',
'OpenClipboard',
'GetClipboardData',
'InvalidateRect',
'CloseClipboard',
'EmptyClipboard',
'SetClipboardData',
'PostQuitMessage',
'DefWindowProcW',
'LoadAcceleratorsW',
'InsertMenuItemW',
'RegisterClassExW',
'SetWindowPlacement',
'SetForegroundWindow',
'GetMessageW',
'TranslateAcceleratorW',
'GetMessageExtraInfo',
'TranslateMessage',
'DispatchMessageW',
'GetKeyState',
'IsDialogMessageW',
'GetClassNameW',
'GetDC',
'ReleaseDC',
'GetSystemMetrics',
'GetWindowLongW',
'DrawTextW',
'EnumChildWindows',
'SetPropW',
'SystemParametersInfoW',
'GetWindowPlacement',
'UpdateWindow',
'SendDlgItemMessageW',
'IsDlgButtonChecked',
'MoveWindow',
'SetDlgItemInt',
'GetDlgItemInt',
'SetClassLongW',
'GetNextDlgTabItem',
'MonitorFromWindow',
'GetMonitorInfoW',
'OffsetRect',
'EqualRect',
'MonitorFromRect',
'GetClassWord',
'EnumDesktopWindows',
'EnumDisplayMonitors',
'IntersectRect',
'CopyRect',
'CreateDialogParamW',
'GetProcessDefaultLayout',
'CreatePopupMenu',
'TrackPopupMenu',
'GetAncestor',
'FindWindowW',
'DialogBoxParamW',
'CheckMenuItem',
'GetSysColor',
'SetClassLongPtrW',
'GetClassLongPtrW',
'EndDialog',
'SetWindowPos',
'GetDlgItem',
'GetWindowRect',
'SendMessageW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'DrawMenuBar',
'SetMenuItemInfoW',
'AppendMenuW',
'LoadStringW',
'GetSubMenu',
'RemoveMenu',
'CheckMenuRadioItem',
'SetFocus',
'MapWindowPoints',
'EnableMenuItem',
'GetParent',
'GetMenu',
'GetClientRect',
'LoadImageW',
'UnregisterClassA',
'FillRect',
'SetWindowTextW',
'ShowWindow',
'CreateWindowExW',
'CheckRadioButton',
'DestroyWindow',
'UuidToStringW',
'RpcStringFreeW',
'UuidCreate',
'timeGetTime',
'VerQueryValueW',
'GetFileVersionInfoSizeExW',
'GetFileVersionInfoExW',
'CreatePatternBrush',
'DeleteObject',
'SetBkMode',
'SelectObject',
'GetTextExtentPointW',
'DeleteDC',
'GetRgnBox',
'CreateSolidBrush',
'GetTextMetricsW',
'GetTextExtentPoint32W',
'GetObjectW',
'ExtCreatePen',
'MoveToEx',
'LineTo',
'CreateCompatibleBitmap',
'CreateRectRgn',
'CreateRectRgnIndirect',
'SetRectRgn',
'CombineRgn',
'EqualRgn',
'CreateDIBSection',
'CreateFontIndirectW',
'CreateCompatibleDC',
'GetDeviceCaps',
'SetTextColor',
'GetStockObject',
'SetBkColor',
'_wcsdup',
'_i64tow_s',
'_wtoi64',
'sprintf_s',
'_strtoi64',
'_strtoui64',
'memchr',
'strcspn',
'wcsrchr',
'wcstoul',
'isalpha',
'time',
'difftime',
'memmove',
'memset',
'__C_specific_handler',
'??0exception@@QEAA@AEBQEBDH@Z',
'_CxxThrowException',
'_callnewh',
'__CxxFrameHandler3',
'setlocale',
'__pctype_func',
'___lc_codepage_func',
'___lc_handle_func',
'localeconv',
'_errno',
'___mb_cur_max_func',
'__mb_cur_max',
'__crtGetStringTypeW',
'__crtLCMapStringW',
'__uncaught_exception',
'tolower',
'isspace',
'abort',
'isalnum',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'_acmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'??1type_info@@UEAA@XZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'iswalpha',
'iswdigit',
'_wcslwr_s',
'_wcsnicmp',
'wcsncmp',
'_itow_s',
'calloc',
'wcschr',
'_wcsicmp',
'_itoa',
'_wtoi',
'_vsnwprintf',
'wcscat_s',
'wcscpy_s',
'wcstol',
'mbstowcs_s',
'exit',
'isdigit',
'isxdigit',
'toupper',
'_purecall',
'malloc',
'??0exception@@QEAA@XZ',
'memmove_s',
'??0exception@@QEAA@AEBQEBD@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'memcpy_s',
'??0exception@@QEAA@AEBV0@@Z',
'free',
'memcpy',
'_wcsrev'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 370,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {'.data\x00\x00\x00': 19968,
'.pdata\x00\x00': 26112,
'.rdata\x00\x00': 69632,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 403456,
'.text\x00\x00\x00': 396800},
'StackReserveSize': 524288,
'filename': './data/malware/2f02a820c591f5c915ae5ab612362848b2a0b48be22529641d732030c66aa73e'},
'2f3a68fff0973a87198307b55c6680503fc8254bcb2d745e27b0d23343ce5f51': {'AddressOfEntryPoint': 1073910005,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 110592,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'EnterCriticalSection',
'OLEAUT32.dll': 'VariantClear',
'SHELL32.dll': 'Shell_NotifyIconA',
'SHLWAPI.dll': 'StrStrIA',
'USER32.dll': 'DestroyWindow',
'hccutils.DLL': 'FindResources',
'ole32.dll': 'CoTaskMemAlloc'},
'ImportedFunctions': ['LoadSTRING',
'LoadBITMAP',
'LoadICON',
'LoadIMAGE',
'FindResources',
'MultiByteToWideChar',
'WideCharToMultiByte',
'lstrlenW',
'RaiseException',
'InitializeCriticalSection',
'DeleteCriticalSection',
'lstrlenA',
'lstrcmpiA',
'GetModuleFileNameA',
'GetModuleHandleW',
'IsDBCSLeadByte',
'SizeofResource',
'LoadResource',
'FindResourceA',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentThreadId',
'GetCommandLineA',
'Sleep',
'GetStringTypeW',
'GetStringTypeA',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetFileType',
'SetHandleCount',
'CreateEventA',
'WriteConsoleW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'HeapSize',
'HeapReAlloc',
'HeapCreate',
'HeapSetInformation',
'GetStdHandle',
'WriteFile',
'LCMapStringA',
'ExitProcess',
'LCMapStringW',
'FlsAlloc',
'SetLastError',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'GetStartupInfoA',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'GetLastError',
'CloseHandle',
'GetVersionExA',
'LoadLibraryA',
'FreeLibrary',
'GetModuleHandleA',
'GetEnvironmentStringsW',
'GetProcAddress',
'CreateFileA',
'GetLocaleInfoA',
'FreeEnvironmentStringsW',
'HeapAlloc',
'RtlUnwindEx',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'GetConsoleOutputCP',
'WriteConsoleA',
'FlushFileBuffers',
'GetConsoleMode',
'GetConsoleCP',
'SetStdHandle',
'SetFilePointer',
'InitializeCriticalSectionAndSpinCount',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'RtlPcToFileHeader',
'GetProcessHeap',
'HeapFree',
'LeaveCriticalSection',
'EnterCriticalSection',
'ShowWindow',
'GetDC',
'GetSystemMetrics',
'ReleaseDC',
'PostQuitMessage',
'SetTimer',
'DestroyIcon',
'KillTimer',
'CreatePopupMenu',
'AppendMenuA',
'SetForegroundWindow',
'TrackPopupMenu',
'CreateDialogParamA',
'GetDlgItem',
'SendMessageA',
'GetDesktopWindow',
'GetWindowRect',
'SetWindowTextA',
'RegisterClassA',
'CreateWindowExA',
'PostMessageA',
'DispatchMessageA',
'GetMessageA',
'DefWindowProcA',
'DestroyMenu',
'FindWindowA',
'SetWindowLongA',
'PostThreadMessageA',
'CharNextW',
'CharNextA',
'GetCursorPos',
'GetWindowLongA',
'wsprintfA',
'IsWindow',
'RegisterWindowMessageA',
'DestroyWindow',
'GetDIBits',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'SelectObject',
'SetBkColor',
'BitBlt',
'SetTextColor',
'DeleteDC',
'DeleteObject',
'RegDeleteKeyA',
'RegEnumKeyExA',
'RegQueryInfoKeyA',
'RegSetValueExA',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'Shell_NotifyIconA',
'CoTaskMemFree',
'CoSuspendClassObjects',
'CoRevokeClassObject',
'CoTaskMemRealloc',
'CoCreateInstance',
'StringFromGUID2',
'CoUninitialize',
'CoInitialize',
'CLSIDFromProgID',
'CoRegisterClassObject',
'CoTaskMemAlloc',
'VarUI4FromStr',
'RegisterTypeLib',
'UnRegisterTypeLib',
'LoadTypeLib',
'SysAllocString',
'SysStringLen',
'SysFreeString',
'SysStringByteLen',
'SysAllocStringByteLen',
'VariantClear',
'StrStrIA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 172,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2552,
'StackReserveSize': 1048576,
'filename': './data/malware/2f3a68fff0973a87198307b55c6680503fc8254bcb2d745e27b0d23343ce5f51'},
'2f6921f9135ee2ab2cbea588746648334d5596a6f40817a11b0268f9fe834afd': {'AddressOfEntryPoint': 1073808349,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapSize',
'USER32.dll': 'wsprintfW'},
'ImportedFunctions': ['GetModuleFileNameW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'CloseHandle',
'ReadFile',
'SetFilePointer',
'CreateFileW',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetLastError',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'GetModuleHandleA',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'MultiByteToWideChar',
'LCMapStringA',
'WideCharToMultiByte',
'LCMapStringW',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'GetLocaleInfoA',
'LoadLibraryA',
'InitializeCriticalSection',
'HeapReAlloc',
'HeapSize',
'wsprintfW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 68,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 176,
'StackReserveSize': 1048576,
'filename': './data/malware/2f6921f9135ee2ab2cbea588746648334d5596a6f40817a11b0268f9fe834afd'},
'2f6e2e657c9c15fb9828d2a6b473a77327a2f6b0e1e3d0a0975f2a5c7aed2d13': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 77824,
'ExportSize': 12984088,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetVolumeInformationA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryInfoKeyA',
'GetTokenInformation',
'FreeSid',
'RegSetValueExA',
'LookupPrivilegeValueA',
'RegDeleteValueA',
'RegCreateKeyExA',
'AllocateAndInitializeSid',
'EqualSid',
'RegQueryValueExA',
'RegOpenKeyExA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'WritePrivateProfileStringA',
'LocalFree',
'FindFirstFileA',
'_lclose',
'DeleteFileA',
'lstrlenA',
'GetLastError',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetProcAddress',
'_llseek',
'GetWindowsDirectoryA',
'RemoveDirectoryA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'FreeLibrary',
'GetModuleFileNameA',
'FindNextFileA',
'SetFileAttributesA',
'GlobalFree',
'GetCurrentProcess',
'FindClose',
'GetPrivateProfileStringA',
'CompareStringA',
'LoadLibraryA',
'GlobalAlloc',
'GlobalUnlock',
'GlobalLock',
'GetPrivateProfileIntA',
'_lopen',
'GetShortPathNameA',
'LoadLibraryExA',
'ExitProcess',
'CloseHandle',
'GetCurrentDirectoryA',
'WriteFile',
'DosDateTimeToFileTime',
'SetCurrentDirectoryA',
'CreateFileA',
'FindResourceA',
'GetDriveTypeA',
'GetVersionExA',
'SetFilePointer',
'GetVersion',
'FreeResource',
'GetTempPathA',
'GetTempFileNameA',
'CreateThread',
'ResetEvent',
'LocalFileTimeToFileTime',
'CreateDirectoryA',
'TerminateThread',
'LoadResource',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'LockResource',
'WaitForSingleObject',
'CreateProcessA',
'SetEvent',
'ReadFile',
'GetSystemInfo',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'Sleep',
'CreateMutexA',
'lstrcmpA',
'LocalAlloc',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetDeviceCaps',
'CallWindowProcA',
'PeekMessageA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'MessageBoxA',
'SetForegroundWindow',
'SetWindowLongPtrA',
'MsgWaitForMultipleObjects',
'ShowWindow',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'GetWindowLongPtrA',
'SendDlgItemMessageA',
'GetDC',
'SetWindowPos',
'SetDlgItemTextA',
'MessageBeep',
'CharUpperA',
'EndDialog',
'CharNextA',
'GetDesktopWindow',
'ExitWindowsEx',
'CharPrevA',
'LoadStringA',
'ReleaseDC',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 12985100,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 12985344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/2f6e2e657c9c15fb9828d2a6b473a77327a2f6b0e1e3d0a0975f2a5c7aed2d13'},
'2fb0af0e0f164251f3c4a3cf24537ea4060dd897a497de68717edf018beaff47': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 168364,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 168448,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/2fb0af0e0f164251f3c4a3cf24537ea4060dd897a497de68717edf018beaff47'},
'2fe57b9024edd2c1c5c35dd1f03f88d45c194dd00bc7be12ae7d82a2a18a2e4f': {'AddressOfEntryPoint': 30369,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'QueryServiceConfigW',
'COMCTL32.dll': 'CreateStatusWindowW',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'CreateDCW',
'KERNEL32.dll': 'UnhandledExceptionFilter',
'OLEAUT32.dll': 'SysAllocString',
'SHELL32.dll': 'DragAcceptFiles',
'SHLWAPI.dll': 'SHStrDupW',
'USER32.dll': 'GetClientRect',
'VERSION.dll': 'GetFileVersionInfoSizeExW',
'WINSPOOL.DRV': 'OpenPrinterW',
'msvcrt.dll': 'memcpy',
'ntdll.dll': 'WinSqmAddToStream',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['RegSetValueExW',
'RegQueryValueExW',
'RegCreateKeyW',
'RegCloseKey',
'RegOpenKeyExW',
'IsTextUnicode',
'CloseServiceHandle',
'OpenSCManagerW',
'OpenServiceW',
'QueryServiceConfigW',
'GetLocalTime',
'GetDateFormatW',
'GetTimeFormatW',
'GlobalLock',
'GlobalUnlock',
'GetUserDefaultUILanguage',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GlobalAlloc',
'LoadLibraryW',
'Wow64DisableWow64FsRedirection',
'lstrcmpW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'CreateThread',
'FindNLSString',
'UnmapViewOfFile',
'LocalReAlloc',
'MultiByteToWideChar',
'MapViewOfFile',
'CreateFileMappingW',
'GetFileInformationByHandle',
'SetEndOfFile',
'DeleteFileW',
'GetACP',
'WriteFile',
'SetLastError',
'WideCharToMultiByte',
'GetLastError',
'LocalSize',
'GetFullPathNameW',
'FoldStringW',
'LocalUnlock',
'LocalLock',
'FormatMessageW',
'FindClose',
'ReadFile',
'FindFirstFileW',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'GetCurrentProcessId',
'HeapSetInformation',
'GetCommandLineW',
'lstrlenW',
'MulDiv',
'GetLocaleInfoW',
'GlobalFree',
'LocalAlloc',
'QueryPerformanceCounter',
'GetVersionExW',
'CloseHandle',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'Sleep',
'CreateFileW',
'SetErrorMode',
'lstrcmpiW',
'LocalFree',
'GetProcessHeap',
'UnhandledExceptionFilter',
'StartPage',
'StartDocW',
'SetAbortProc',
'DeleteDC',
'EndDoc',
'AbortDoc',
'EndPage',
'GetTextMetricsW',
'SetBkMode',
'LPtoDP',
'SetWindowExtEx',
'SetViewportExtEx',
'SetMapMode',
'GetTextExtentPoint32W',
'TextOutW',
'EnumFontsW',
'GetTextFaceW',
'SelectObject',
'DeleteObject',
'CreateFontIndirectW',
'GetDeviceCaps',
'CreateDCW',
'GetDlgItemTextW',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgCtrlID',
'WinHelpW',
'GetCursorPos',
'ScreenToClient',
'ChildWindowFromPoint',
'GetParent',
'GetWindowPlacement',
'CharUpperW',
'GetSystemMenu',
'LoadAcceleratorsW',
'SetWindowLongW',
'RegisterWindowMessageW',
'LoadCursorW',
'CreateWindowExW',
'SetWindowPlacement',
'LoadImageW',
'RegisterClassExW',
'SetScrollPos',
'InvalidateRect',
'UpdateWindow',
'GetWindowTextLengthW',
'GetWindowLongW',
'PeekMessageW',
'SetDlgItemTextW',
'EnableWindow',
'CreateDialogParamW',
'DrawTextExW',
'GetSystemMetrics',
'SetWindowPos',
'GetAncestor',
'FindWindowW',
'SetForegroundWindow',
'OpenClipboard',
'GetMenuState',
'SetWindowTextW',
'UnhookWinEvent',
'DispatchMessageW',
'TranslateMessage',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetMessageW',
'SetWinEventHook',
'CharNextW',
'GetKeyboardLayout',
'GetForegroundWindow',
'MessageBeep',
'DestroyWindow',
'PostQuitMessage',
'IsIconic',
'DefWindowProcW',
'CloseClipboard',
'GetWindowTextW',
'IsClipboardFormatAvailable',
'LoadStringW',
'SetActiveWindow',
'SetCursor',
'ReleaseDC',
'GetDC',
'ShowWindow',
'CheckMenuItem',
'MessageBoxW',
'GetFocus',
'LoadIconW',
'DialogBoxParamW',
'SetFocus',
'GetSubMenu',
'EnableMenuItem',
'GetMenu',
'PostMessageW',
'MoveWindow',
'SendMessageW',
'GetClientRect',
'memset',
'_vsnwprintf',
'_wtol',
'iswctype',
'wcsrchr',
'wcsncmp',
'__getmainargs',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_ismbblead',
'?terminate@@YAXXZ',
'memcpy',
'CommDlgExtendedError',
'GetSaveFileNameW',
'ReplaceTextW',
'FindTextW',
'PageSetupDlgW',
'ChooseFontW',
'GetFileTitleW',
'PrintDlgExW',
'GetOpenFileNameW',
'SHGetFolderPathW',
'ShellExecuteExW',
'DragFinish',
'SHCreateItemFromParsingName',
'ShellAboutW',
'DragQueryFileW',
'SHAddToRecentDocs',
'DragAcceptFiles',
'GetPrinterDriverW',
'ClosePrinter',
'OpenPrinterW',
'CoUninitialize',
'CoInitializeEx',
'CoCreateInstance',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CoInitialize',
'PathIsFileSpecW',
'SHStrDupW',
'CreatePropertySheetPageW',
'PropertySheetW',
'CreateStatusWindowW',
'SysFreeString',
'SysAllocString',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'RtlInitUnicodeString',
'NtQueryLicenseValue',
'WinSqmIncrementDWORD',
'WinSqmAddToStream',
'VerQueryValueW',
'GetFileVersionInfoExW',
'GetFileVersionInfoSizeExW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 239,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 12800,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 127488,
'.text\x00\x00\x00': 43008},
'StackReserveSize': 524288,
'filename': './data/malware/2fe57b9024edd2c1c5c35dd1f03f88d45c194dd00bc7be12ae7d82a2a18a2e4f'},
'317849c236aa238bd3287ed58effeef15db1c7d63cf54bbbba1f88b3d97d6c7a': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/317849c236aa238bd3287ed58effeef15db1c7d63cf54bbbba1f88b3d97d6c7a'},
'317d12da8444f3bd33fdad54b20cf25b2ccc7826e8f6ee03d28f4831beac3045': {'AddressOfEntryPoint': 1074327305,
'DebugRVA': 452544,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 556736,
'ExportSize': 251,
'IATRVA': 450560,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CopySid',
'KERNEL32.dll': 'RaiseException',
'SHELL32.dll': 'SHGetFolderPathW',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'CharUpperW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINMM.dll': 'timeGetTime'},
'ImportedFunctions': ['PathRemoveFileSpecW',
'PathFileExistsW',
'GetTickCount',
'TerminateProcess',
'GetCurrentProcess',
'EnterCriticalSection',
'LeaveCriticalSection',
'SetInformationJobObject',
'WaitForSingleObject',
'SetLastError',
'GetLastError',
'InitializeCriticalSection',
'TerminateJobObject',
'SetEvent',
'GetQueuedCompletionStatus',
'ResetEvent',
'DuplicateHandle',
'GetCurrentThreadId',
'CreateThread',
'CreateEventW',
'CreateIoCompletionPort',
'DeleteCriticalSection',
'PostQueuedCompletionStatus',
'SignalObjectAndWait',
'SetHandleInformation',
'GetProcessHandleCount',
'VirtualFree',
'FreeLibrary',
'LoadLibraryW',
'WriteProcessMemory',
'MapViewOfFile',
'CreateFileMappingW',
'GetExitCodeProcess',
'GetThreadContext',
'AssignProcessToJobObject',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'VirtualFreeEx',
'VirtualAllocEx',
'VirtualProtectEx',
'GetLongPathNameW',
'GetFileAttributesW',
'GetModuleHandleW',
'CreateFileW',
'QueryDosDeviceW',
'CreateJobObjectW',
'CreateMutexW',
'GetCurrentProcessId',
'CreateNamedPipeW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'lstrlenW',
'WideCharToMultiByte',
'VirtualQuery',
'ReadProcessMemory',
'GetCurrentDirectoryW',
'ReleaseMutex',
'SetFilePointer',
'WriteFile',
'OutputDebugStringA',
'FormatMessageA',
'ExpandEnvironmentStringsW',
'ReadFile',
'VirtualAlloc',
'SetEnvironmentVariableW',
'MultiByteToWideChar',
'GetUserDefaultLangID',
'GetNativeSystemInfo',
'GetVersionExW',
'GetUserDefaultUILanguage',
'IsDebuggerPresent',
'InitializeCriticalSectionAndSpinCount',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'QueryPerformanceFrequency',
'FlushFileBuffers',
'RtlCaptureStackBackTrace',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'TlsAlloc',
'GetStdHandle',
'HeapSetInformation',
'ReleaseSemaphore',
'CreateSemaphoreW',
'WaitNamedPipeW',
'WaitForMultipleObjects',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'GetStartupInfoW',
'HeapFree',
'GetConsoleCP',
'GetConsoleMode',
'HeapAlloc',
'SetStdHandle',
'GetFileType',
'HeapReAlloc',
'GetCPInfo',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetModuleFileNameA',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapCreate',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'LoadLibraryA',
'GetStringTypeA',
'GetStringTypeW',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'GetLocaleInfoW',
'CreateFileA',
'CompareStringA',
'CompareStringW',
'SetEnvironmentVariableA',
'QueueUserWorkItem',
'GetTempPathW',
'LocalFree',
'GetCommandLineW',
'CreateProcessW',
'CloseHandle',
'SetUnhandledExceptionFilter',
'ExitProcess',
'Sleep',
'GetModuleHandleA',
'GetProcAddress',
'SetCurrentDirectoryW',
'LoadLibraryExW',
'GetEnvironmentVariableW',
'GetModuleFileNameW',
'GetSystemDirectoryW',
'GetWindowsDirectoryW',
'RaiseException',
'CloseDesktop',
'CloseWindowStation',
'CreateWindowStationW',
'GetProcessWindowStation',
'CreateDesktopW',
'SetProcessWindowStation',
'GetThreadDesktop',
'GetUserObjectInformationW',
'MessageBoxW',
'CharUpperW',
'CommandLineToArgvW',
'SHGetFolderPathW',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'RegCloseKey',
'RegDisablePredefinedCache',
'RevertToSelf',
'SetSecurityInfo',
'GetSecurityDescriptorSacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetTokenInformation',
'GetLengthSid',
'ConvertStringSidToSidW',
'OpenProcessToken',
'SetThreadToken',
'CreateProcessAsUserW',
'RegCreateKeyExW',
'CreateRestrictedToken',
'DuplicateTokenEx',
'DuplicateToken',
'EqualSid',
'GetTokenInformation',
'LookupPrivilegeValueW',
'RegOpenKeyExW',
'TraceEvent',
'UnregisterTraceGuids',
'RegisterTraceGuidsW',
'GetTraceLoggerHandle',
'GetTraceEnableFlags',
'GetTraceEnableLevel',
'ConvertSidToStringSidW',
'RegSetValueExW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'SetEntriesInAclW',
'GetSecurityInfo',
'CreateWellKnownSid',
'CopySid'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 213,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 2004,
'StackReserveSize': 1048576,
'filename': './data/malware/317d12da8444f3bd33fdad54b20cf25b2ccc7826e8f6ee03d28f4831beac3045'},
'318cba67eaf945c667019f2d3d5a88f4850d27aa153e8718668c60debb54a2b4': {'AddressOfEntryPoint': 11712,
'DebugRVA': 13920,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 27136,
'ExportSize': 107,
'IATRVA': 16384,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'API-MS-Win-Core-ErrorHandling-L1-1-0.dll': 'SetErrorMode',
'API-MS-Win-Core-Handle-L1-1-0.dll': 'CloseHandle',
'API-MS-Win-Core-LibraryLoader-L1-1-0.dll': 'GetModuleHandleW',
'API-MS-Win-Core-LocalRegistry-L1-1-0.dll': 'RegQueryValueExW',
'API-MS-Win-Core-Misc-L1-1-0.dll': 'Sleep',
'API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll': 'GetEnvironmentVariableW',
'API-MS-Win-Core-ProcessThreads-L1-1-0.dll': 'TerminateProcess',
'API-MS-Win-Core-Profile-L1-1-0.dll': 'QueryPerformanceCounter',
'API-MS-Win-Core-Synch-L1-1-0.dll': 'OpenEventW',
'API-MS-Win-Core-SysInfo-L1-1-0.dll': 'GetTickCount',
'API-MS-Win-Security-Base-L1-1-0.dll': 'GetTokenInformation',
'RPCRT4.dll': 'RpcServerUseProtseqEpW',
'SspiSrv.dll': 'SspiSrvClientCallback',
'msvcrt.dll': '_vsnprintf_s',
'ntdll.dll': 'RtlCaptureContext'},
'ImportedFunctions': ['__setusermatherr',
'_amsg_exit',
'_initterm',
'memcpy',
'exit',
'_commode',
'_fmode',
'?terminate@@YAXXZ',
'memset',
'__set_app_type',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'strcpy_s',
'_vsnprintf_s',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'NtListenPort',
'NtAcceptConnectPort',
'NtRequestWaitReplyPort',
'NtConnectPort',
'NtReplyWaitReceivePort',
'NtCreatePort',
'NtCompleteConnectPort',
'NtSetSecurityObject',
'RtlInitializeSid',
'RtlAllocateHeap',
'NtOpenEvent',
'RtlFreeHeap',
'RtlLengthRequiredSid',
'RtlSubAuthoritySid',
'RtlNtStatusToDosError',
'RtlSetOwnerSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlLengthSid',
'NtOpenFile',
'RtlAllocateAndInitializeSid',
'RtlMakeSelfRelativeSD',
'NtSetInformationProcess',
'RtlSetSaclSecurityDescriptor',
'RtlAddAccessAllowedAce',
'RtlUnhandledExceptionFilter',
'NtSetInformationFile',
'RtlInitUnicodeString',
'RtlSetDaclSecurityDescriptor',
'RtlCreateAcl',
'NtDeviceIoControlFile',
'RtlSetProcessIsCritical',
'RtlAddMandatoryAce',
'DbgPrintEx',
'RtlCaptureContext',
'I_RpcMapWin32Status',
'RpcServerRegisterIf2',
'NdrServerCallAll',
'NdrServerCall2',
'RpcServerListen',
'RpcServerUseProtseqEpW',
'SspiSrvInitialize',
'SspiSrvClientCallback',
'UnhandledExceptionFilter',
'SetLastError',
'GetLastError',
'SetUnhandledExceptionFilter',
'SetErrorMode',
'CloseHandle',
'LoadLibraryExW',
'GetProcAddress',
'GetModuleHandleW',
'RegOpenKeyExW',
'RegCloseKey',
'RegQueryValueExW',
'LocalAlloc',
'LocalFree',
'Sleep',
'SetEnvironmentVariableW',
'GetEnvironmentVariableW',
'OpenProcessToken',
'GetCurrentProcess',
'ExitThread',
'CreateThread',
'GetCurrentThreadId',
'GetCurrentProcessId',
'TerminateProcess',
'QueryPerformanceCounter',
'SetEvent',
'CreateEventW',
'OpenEventW',
'GetSystemTimeAsFileTime',
'GetTickCount',
'GetTokenInformation'],
'LinkerVersion': 9,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 92,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1792,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 15360,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 10240},
'StackReserveSize': 524288,
'filename': './data/malware/318cba67eaf945c667019f2d3d5a88f4850d27aa153e8718668c60debb54a2b4'},
'321fc8782390b7e99a8cc946a299fe8bcb4f0a2569ea2541ae1c8e1b0659a37c': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 9628,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 15453184,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/321fc8782390b7e99a8cc946a299fe8bcb4f0a2569ea2541ae1c8e1b0659a37c'},
'32a973ce00bf7502162ec5039a78fe6fc644ae0e999b889ba805476b54c801f9': {'AddressOfEntryPoint': 1073894965,
'DebugRVA': 95200,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumValueW',
'IMM32.dll': 'ImmInstallIMEW',
'KERNEL32.dll': 'GetConsoleMode',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'MessageBoxW',
'VERSION.dll': 'VerQueryValueW'},
'ImportedFunctions': ['GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'PathFileExistsW',
'ImmInstallIMEW',
'WideCharToMultiByte',
'GetLastError',
'CopyFileW',
'GetSystemDirectoryW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetCurrentProcess',
'CreateProcessW',
'CloseHandle',
'CreateFileW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'HeapReAlloc',
'InitializeCriticalSection',
'LoadLibraryA',
'HeapSize',
'DeleteFileW',
'MoveFileExW',
'GetModuleFileNameW',
'WriteConsoleW',
'GetFileTime',
'CreateFileA',
'FlushFileBuffers',
'ReadFile',
'FlsGetValue',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'RtlVirtualUnwind',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'GetModuleHandleA',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'MultiByteToWideChar',
'LCMapStringA',
'LCMapStringW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'GetStringTypeA',
'GetStringTypeW',
'Sleep',
'GetLocaleInfoA',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'LoadKeyboardLayoutW',
'UnloadKeyboardLayout',
'MessageBoxW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegCreateKeyW',
'RegSetValueExW',
'RegDeleteKeyW',
'RegOpenKeyExW',
'RegEnumKeyW',
'RegOpenKeyW',
'RegQueryValueExW',
'RegCloseKey',
'RegEnumValueW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 103,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 20028,
'StackReserveSize': 1048576,
'filename': './data/malware/32a973ce00bf7502162ec5039a78fe6fc644ae0e999b889ba805476b54c801f9'},
'32cc654cc4073e9dcaf78cf6aa3a49215b24f51e351f121752e3f7dc118a5b36': {'AddressOfEntryPoint': 22268,
'DebugRVA': 124304,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 122880,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'GDI32.dll': 'SetTextColor',
'KERNEL32.dll': 'GetModuleHandleW',
'OLEAUT32.dll': 'LoadTypeLibEx',
'RPCRT4.dll': 'UuidCreateSequential',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'SetWindowTextW',
'WS2_32.dll': 'WSACleanup',
'ntdll.dll': '__chkstk',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['ZwCreateSection',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'LdrFindEntryForAddress',
'RtlImageNtHeader',
'LdrAccessResource',
'LdrFindResource_U',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'RtlFreeUnicodeString',
'ZwCreateKey',
'ZwSetValueKey',
'ZwQueryValueKey',
'ZwDeleteValueKey',
'ZwFlushKey',
'ZwEnumerateKey',
'ZwDeleteKey',
'memcmp',
'ZwOpenTimer',
'ZwSetTimer',
'ZwDeleteFile',
'memcpy',
'RtlIpv4StringToAddressW',
'RtlIpv4AddressToStringA',
'memset',
'ZwWriteFile',
'strtoul',
'ZwCreateFile',
'ZwQueryInformationFile',
'ZwSetInformationFile',
'RtlIpv4AddressToStringExA',
'ZwQueryInformationProcess',
'RtlGetCurrentPeb',
'RtlPrefixUnicodeString',
'RtlNtStatusToDosError',
'LdrUnloadDll',
'LdrAddRefDll',
'sprintf',
'strlen',
'ZwRaiseHardError',
'wcsstr',
'RtlAdjustPrivilege',
'LdrLoadDll',
'RtlInitUnicodeString',
'wcscpy',
'ZwClose',
'ZwQueryKey',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenKey',
'RtlComputeCrc32',
'wcslen',
'swprintf',
'ZwSetContextThread',
'ZwProtectVirtualMemory',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenProcess',
'RtlEqualUnicodeString',
'ZwQuerySystemInformation',
'ZwResumeThread',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'ZwSetInformationToken',
'ZwDuplicateToken',
'ZwAdjustPrivilegesToken',
'ZwOpenThreadTokenEx',
'ZwWriteVirtualMemory',
'ZwReadVirtualMemory',
'wcschr',
'__chkstk',
'SetThreadLocale',
'CreateTimerQueueTimer',
'DeleteTimerQueueTimer',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'WideCharToMultiByte',
'CopyFileW',
'CreateProcessW',
'ExitThread',
'GetCommandLineW',
'LoadLibraryW',
'VirtualProtect',
'LoadLibraryExW',
'ExitProcess',
'FreeLibraryAndExitThread',
'Sleep',
'GetSystemDefaultLangID',
'GetVersion',
'LocalFree',
'LocalAlloc',
'VirtualAlloc',
'VirtualFree',
'FormatMessageW',
'GetModuleHandleW',
'MD5Update',
'MD5Final',
'CreateProcessAsUserW',
'RegisterServiceCtrlHandlerExW',
'SetServiceStatus',
'StartServiceCtrlDispatcherW',
'MD5Init',
'GetWindowLongW',
'SetDlgItemTextW',
'SetWindowPos',
'LoadIconW',
'SetWindowLongW',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'DialogBoxParamW',
'PostMessageW',
'EndDialog',
'SendMessageW',
'GetClientRect',
'FindWindowW',
'GetDlgItem',
'MessageBoxW',
'GetSystemMetrics',
'CreateWindowExW',
'AdjustWindowRect',
'DefWindowProcW',
'PostQuitMessage',
'DestroyWindow',
'OpenDesktopW',
'SetThreadDesktop',
'DestroyIcon',
'UnregisterClassW',
'DispatchMessageW',
'TranslateMessage',
'GetActiveWindow',
'GetMessageW',
'RegisterClassW',
'LoadCursorW',
'SetWindowTextW',
'UuidCreateSequential',
'GetStockObject',
'SetBkColor',
'SetTextColor',
'ShellExecuteExW',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'SysAllocString',
'SysFreeString',
'VariantClear',
'LoadTypeLibEx',
'WSAStartup',
'WSASocketW',
'WSAGetLastError',
'closesocket',
'bind',
'WSAIoctl',
'WSARecv',
'WSASend',
'setsockopt',
'WSASendTo',
'WSARecvFrom',
'WSACleanup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 162,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 10104,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 14336,
'.rsrc\x00\x00\x00': 10240,
'.text\x00\x00\x00': 115200},
'StackReserveSize': 1048576,
'filename': './data/malware/32cc654cc4073e9dcaf78cf6aa3a49215b24f51e351f121752e3f7dc118a5b36'},
'32cf4fe1bf38926e63376417b3f8ce2d2c591fd3539839892708b11807ebac23': {'AddressOfEntryPoint': 249024,
'DebugRVA': 368272,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 364544,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'COMCTL32.dll': 'InitCommonControlsEx',
'COMDLG32.dll': 'GetFileTitleW',
'GDI32.dll': 'PtVisible',
'KERNEL32.dll': 'GetCommandLineW',
'MSIMG32.dll': 'AlphaBlend',
'OLEAUT32.dll': 'SysFreeString',
'PROPSYS.dll': 'PropVariantToString',
'SETUPAPI.dll': 'SetupDiGetDeviceInstanceIdW',
'SHLWAPI.dll': 'PathIsUNCW',
'USER32.dll': 'UnregisterClassA',
'WINSPOOL.DRV': 'ClosePrinter',
'gdiplus.dll': 'GdipGetImageWidth',
'ole32.dll': 'CreateStreamOnHGlobal',
'oledlg.dll': 'OleUIBusyW'},
'ImportedFunctions': ['PropVariantCompareEx',
'PropVariantToUInt32',
'PropVariantToString',
'SetupDiEnumDeviceInfo',
'SetupDiEnumDeviceInterfaces',
'SetupDiGetDeviceInterfaceDetailW',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetClassDevsW',
'SetupDiGetDeviceInstanceIdW',
'GetFullPathNameW',
'SetErrorMode',
'GetTickCount',
'FileTimeToLocalFileTime',
'GetFileAttributesW',
'GetFileTime',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'VirtualProtect',
'VirtualAlloc',
'VirtualQuery',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapReAlloc',
'ExitThread',
'ExitProcess',
'HeapSize',
'SetUnhandledExceptionFilter',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetVolumeInformationW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'Sleep',
'GetTimeZoneInformation',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEnvironmentVariableA',
'FindFirstFileW',
'FindClose',
'GetFileSize',
'SetEndOfFile',
'UnlockFile',
'LockFile',
'FlushFileBuffers',
'SetFilePointer',
'WriteFile',
'ReadFile',
'GlobalFlags',
'FileTimeToSystemTime',
'GetThreadLocale',
'lstrlenA',
'TlsFree',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'TlsGetValue',
'WritePrivateProfileStringW',
'GetPrivateProfileIntW',
'GetCurrentThread',
'ConvertDefaultLocale',
'GetVersion',
'EnumResourceLanguagesW',
'lstrcmpA',
'GetLocaleInfoW',
'CompareStringA',
'SuspendThread',
'SetThreadPriority',
'GetCurrentProcessId',
'GetModuleFileNameW',
'FreeResource',
'GlobalAddAtomW',
'GlobalFindAtomW',
'GlobalDeleteAtom',
'LoadLibraryW',
'FreeLibrary',
'CompareStringW',
'LoadLibraryA',
'lstrcmpW',
'GetModuleHandleW',
'GetVersionExA',
'GetModuleHandleA',
'GetProcAddress',
'FormatMessageW',
'MulDiv',
'MultiByteToWideChar',
'lstrlenW',
'WideCharToMultiByte',
'SetLastError',
'LocalFree',
'LocalAlloc',
'CreateMutexW',
'DuplicateHandle',
'GetExitCodeThread',
'ResumeThread',
'GetCurrentProcess',
'DeleteCriticalSection',
'InitializeCriticalSection',
'FindResourceExW',
'GetSystemInfo',
'GetUserDefaultUILanguage',
'LeaveCriticalSection',
'EnterCriticalSection',
'GlobalFree',
'GlobalUnlock',
'GlobalLock',
'GlobalAlloc',
'WaitForMultipleObjects',
'WaitForSingleObject',
'SetEvent',
'CreateThread',
'CreateEventW',
'DeviceIoControl',
'GetCurrentThreadId',
'GetLastError',
'CreateFileW',
'CloseHandle',
'LockResource',
'SizeofResource',
'LoadResource',
'FindResourceW',
'GetCommandLineW',
'MessageBeep',
'CharUpperW',
'RegisterClipboardFormatW',
'PostThreadMessageW',
'SetCursor',
'PostQuitMessage',
'CreateDialogIndirectParamW',
'GetNextDlgTabItem',
'EndDialog',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapW',
'ModifyMenuW',
'EnableMenuItem',
'CheckMenuItem',
'GetMessageW',
'TranslateMessage',
'GetActiveWindow',
'GetCursorPos',
'ValidateRect',
'MoveWindow',
'SetWindowTextW',
'IsDialogMessageW',
'IsWindowEnabled',
'RegisterWindowMessageW',
'SendDlgItemMessageA',
'SendDlgItemMessageW',
'WinHelpW',
'IsChild',
'GetCapture',
'SetWindowsHookExW',
'CallNextHookEx',
'GetClassNameW',
'GetClassLongPtrW',
'SetPropW',
'GetPropW',
'RemovePropW',
'GetFocus',
'IsWindow',
'SetFocus',
'GetWindowTextLengthW',
'GetNextDlgGroupItem',
'GetLastActivePopup',
'SetActiveWindow',
'DispatchMessageW',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageW',
'UnregisterClassW',
'IsWindowVisible',
'GetMenu',
'MessageBoxW',
'CreateWindowExW',
'GetClassInfoExW',
'GetClassInfoW',
'RegisterClassW',
'AdjustWindowRectEx',
'EqualRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcW',
'CallWindowProcW',
'SetWindowLongW',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'IsIconic',
'GetWindowPlacement',
'GetSystemMetrics',
'EndPaint',
'BeginPaint',
'GetWindowDC',
'ReleaseDC',
'GetDC',
'ClientToScreen',
'ScreenToClient',
'GrayStringW',
'DrawTextExW',
'TabbedTextOutW',
'GetMenuState',
'GetMenuItemID',
'GetMenuItemCount',
'GetSubMenu',
'LoadIconW',
'KillTimer',
'InvalidateRgn',
'IsRectEmpty',
'CopyAcceleratorTableW',
'CharNextW',
'SetTimer',
'UnregisterDeviceNotification',
'ReleaseCapture',
'SetCapture',
'GetWindowTextW',
'RegisterDeviceNotificationW',
'FindWindowExW',
'SetWindowPos',
'EnableWindow',
'DrawFocusRect',
'InflateRect',
'SetRect',
'CopyRect',
'RedrawWindow',
'GetSysColorBrush',
'DrawTextW',
'SendMessageW',
'GetDesktopWindow',
'GetWindow',
'GetWindowRect',
'PostMessageW',
'EnumThreadWindows',
'InvalidateRect',
'SetForegroundWindow',
'GetForegroundWindow',
'GetWindowThreadProcessId',
'UpdateWindow',
'ShowWindow',
'GetWindowLongW',
'SystemParametersInfoW',
'GetSysColor',
'GetClientRect',
'GetParent',
'DestroyMenu',
'LoadCursorW',
'SetWindowContextHelpId',
'MapDialogRect',
'MapWindowPoints',
'GetKeyState',
'UnregisterClassA',
'ScaleViewportExtEx',
'SetWindowExtEx',
'ScaleWindowExtEx',
'ExtSelectClipRgn',
'CreateBitmap',
'SetViewportExtEx',
'SetViewportOrgEx',
'CreateRectRgnIndirect',
'GetBkColor',
'GetTextColor',
'GetRgnBox',
'OffsetViewportOrgEx',
'Escape',
'ExtTextOutW',
'TextOutW',
'RectVisible',
'GetMapMode',
'GetObjectW',
'SetDIBColorTable',
'CreateCompatibleBitmap',
'DeleteObject',
'CreateDIBSection',
'SelectObject',
'CreateFontW',
'BitBlt',
'CreateCompatibleDC',
'DeleteDC',
'GetClipBox',
'SetMapMode',
'SetTextColor',
'SetBkMode',
'SetBkColor',
'RestoreDC',
'SaveDC',
'GetDeviceCaps',
'GetWindowExtEx',
'GetStockObject',
'GetViewportExtEx',
'PtVisible',
'AlphaBlend',
'GetFileTitleW',
'OpenPrinterW',
'DocumentPropertiesW',
'ClosePrinter',
'RegSetValueExW',
'RegQueryValueW',
'RegEnumKeyW',
'RegDeleteKeyW',
'RegCloseKey',
'RegCreateKeyExW',
'RegOpenKeyW',
'RegNotifyChangeKeyValue',
'RegQueryValueExW',
'RegOpenKeyExW',
'InitCommonControlsEx',
'PathFindFileNameW',
'PathStripToRootW',
'PathFindExtensionW',
'PathIsUNCW',
'OleUIBusyW',
'CoInitializeEx',
'CoUninitialize',
'PropVariantCopy',
'FreePropVariantArray',
'CoFreeUnusedLibrariesEx',
'StringFromGUID2',
'PropVariantClear',
'CoTaskMemFree',
'CLSIDFromString',
'CoCreateInstance',
'CoTaskMemAlloc',
'CLSIDFromProgID',
'CoGetClassObject',
'StgOpenStorageOnILockBytes',
'StgCreateDocfileOnILockBytes',
'CreateILockBytesOnHGlobal',
'OleUninitialize',
'CoFreeUnusedLibraries',
'OleInitialize',
'CoRevokeClassObject',
'CoRegisterMessageFilter',
'OleFlushClipboard',
'OleIsCurrentClipboard',
'CreateStreamOnHGlobal',
'SysAllocString',
'OleCreateFontIndirect',
'SystemTimeToVariantTime',
'VariantTimeToSystemTime',
'SafeArrayDestroy',
'SysStringLen',
'VariantCopy',
'VariantInit',
'VariantChangeType',
'VariantClear',
'SysAllocStringLen',
'SysFreeString',
'GdipFree',
'GdiplusStartup',
'GdipCloneImage',
'GdipBitmapUnlockBits',
'GdipBitmapLockBits',
'GdipCreateBitmapFromScan0',
'GdiplusShutdown',
'GdipDrawImageI',
'GdipGetImagePalette',
'GdipGetImagePaletteSize',
'GdipGetImagePixelFormat',
'GdipDisposeImage',
'GdipAlloc',
'GdipGetImageGraphicsContext',
'GdipDeleteGraphics',
'GdipCreateBitmapFromStream',
'GdipGetImageHeight',
'GdipGetImageWidth'],
'LinkerVersion': 8,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 409,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 328928,
'SectionNames': {'.data\x00\x00\x00': 18432,
'.pdata\x00\x00': 26624,
'.rdata\x00\x00': 121344,
'.rsrc\x00\x00\x00': 329216,
'.text\x00\x00\x00': 359936},
'StackReserveSize': 1048576,
'filename': './data/malware/32cf4fe1bf38926e63376417b3f8ce2d2c591fd3539839892708b11807ebac23'},
'331f801955c58276a8151065aa3011bc26bd95fcfbdebd26d20b0fe6ce0905e1': {'AddressOfEntryPoint': 52012,
'DebugRVA': 140480,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 139264,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'EnterCriticalSection'},
'ImportedFunctions': ['OpenProcess',
'OpenEventA',
'ResetEvent',
'Sleep',
'CreateFileA',
'CloseHandle',
'SetEvent',
'GetCurrentProcessId',
'GetTickCount',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 16,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1840,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 40960,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 132096},
'StackReserveSize': 1048576,
'filename': './data/malware/331f801955c58276a8151065aa3011bc26bd95fcfbdebd26d20b0fe6ce0905e1'},
'3344c73616af23482450024453d7f88fd11e1cb2e7f1972b5ac406f4532068ce': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 812584,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 813056,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/3344c73616af23482450024453d7f88fd11e1cb2e7f1972b5ac406f4532068ce'},
'335eeb80174bf8d034cbf23c7d2a41ec1413017db0a9c23f5dd4fce0847f4009': {'AddressOfEntryPoint': 13528,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'HeapReAlloc',
'PSAPI.DLL': 'EnumProcessModules',
'SHLWAPI.dll': 'StrCmpW'},
'ImportedFunctions': ['GetProcAddress',
'FreeLibrary',
'GetLastError',
'GetModuleFileNameW',
'CreateFileW',
'CreateThread',
'LoadLibraryW',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'CloseHandle',
'OpenProcess',
'GetCurrentProcess',
'Sleep',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'EncodePointer',
'DecodePointer',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'LCMapStringW',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetStringTypeW',
'HeapReAlloc',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'StrCmpW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 36864},
'StackReserveSize': 1048576,
'filename': './data/malware/335eeb80174bf8d034cbf23c7d2a41ec1413017db0a9c23f5dd4fce0847f4009'},
'3365106f1cffa97b4f92c3f5345baf665e586a1cdc40db759ab09781676d1996': {'AddressOfEntryPoint': 271424,
'DebugRVA': 393088,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 389120,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExW',
'COMCTL32.dll': '_TrackMouseEvent',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'lstrcpyW',
'OLEAUT32.dll': 'SysStringLen',
'SHELL32.dll': 'DragQueryFileW',
'SHLWAPI.dll': 'PathIsUNCW',
'USER32.dll': 'UnregisterClassA',
'VERSION.dll': 'VerQueryValueW',
'WINSPOOL.DRV': 'OpenPrinterW',
'comdlg32.dll': 'GetFileTitleW',
'gdiplus.dll': 'GdiplusStartup',
'imagehlp.dll': 'CheckSumMappedFile',
'iphlpapi.dll': 'GetIfEntry',
'ole32.dll': 'CoRegisterMessageFilter',
'oledlg.dll': 'OleUIBusyW'},
'ImportedFunctions': ['ExitProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapReAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'VirtualProtect',
'VirtualQuery',
'GetStdHandle',
'GetModuleFileNameA',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'GetStartupInfoW',
'TerminateProcess',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'LCMapStringA',
'LCMapStringW',
'GetTimeZoneInformation',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEnvironmentVariableA',
'GetProcessHeap',
'HeapAlloc',
'HeapFree',
'GetTickCount',
'GetFileTime',
'FileTimeToLocalFileTime',
'SetErrorMode',
'GetFullPathNameW',
'GetVolumeInformationW',
'FindFirstFileW',
'FindClose',
'DuplicateHandle',
'SetEndOfFile',
'UnlockFile',
'LockFile',
'FlushFileBuffers',
'WritePrivateProfileStringW',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalAlloc',
'FileTimeToSystemTime',
'GetThreadLocale',
'GlobalFlags',
'lstrlenA',
'GetCurrentThread',
'ConvertDefaultLocale',
'EnumResourceLanguagesW',
'lstrcmpA',
'CompareStringA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GlobalAddAtomW',
'GlobalFindAtomW',
'GlobalDeleteAtom',
'CompareStringW',
'LoadLibraryA',
'GetVersionExA',
'FormatMessageW',
'LocalFree',
'MulDiv',
'GetModuleHandleA',
'SetLastError',
'WideCharToMultiByte',
'GlobalFree',
'GlobalUnlock',
'GlobalLock',
'GlobalAlloc',
'GetLocaleInfoW',
'GetEnvironmentVariableW',
'DeviceIoControl',
'GetFileAttributesW',
'GetCurrentDirectoryW',
'GetSystemInfo',
'GetModuleHandleW',
'GetVersionExW',
'GetLastError',
'CreateMutexW',
'Sleep',
'GetTempPathW',
'lstrlenW',
'UnmapViewOfFile',
'IsBadReadPtr',
'MapViewOfFile',
'CreateFileMappingW',
'WriteFile',
'DeleteFileW',
'CopyFileW',
'SetFilePointer',
'lstrcmpW',
'GetModuleFileNameW',
'FindResourceExW',
'lstrcmpiW',
'GetWindowsDirectoryW',
'lstrcatW',
'MultiByteToWideChar',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetVersion',
'GetCurrentProcess',
'FreeResource',
'LockResource',
'SizeofResource',
'LoadResource',
'FindResourceW',
'VirtualFree',
'CloseHandle',
'ReadFile',
'VirtualAlloc',
'GetFileSize',
'CreateFileW',
'GetSystemTimeAsFileTime',
'lstrcpyW',
'RegisterClipboardFormatW',
'PostThreadMessageW',
'SetCapture',
'UnregisterClassW',
'GetSysColorBrush',
'SetWindowContextHelpId',
'MapDialogRect',
'GetMessageW',
'TranslateMessage',
'ValidateRect',
'PostQuitMessage',
'GetWindowThreadProcessId',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'ModifyMenuW',
'EnableMenuItem',
'RegisterWindowMessageW',
'SendDlgItemMessageA',
'WinHelpW',
'IsChild',
'GetCapture',
'SetWindowsHookExW',
'CallNextHookEx',
'GetClassLongPtrW',
'SetPropW',
'GetPropW',
'RemovePropW',
'GetForegroundWindow',
'GetLastActivePopup',
'DispatchMessageW',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageW',
'MapWindowPoints',
'IsWindowVisible',
'UpdateWindow',
'GetMenu',
'CreateWindowExW',
'GetClassInfoExW',
'GetClassInfoW',
'RegisterClassW',
'AdjustWindowRectEx',
'EqualRect',
'DefWindowProcW',
'CallWindowProcW',
'IntersectRect',
'SystemParametersInfoA',
'GetMenuState',
'GetMenuItemID',
'GetMenuItemCount',
'EndPaint',
'BeginPaint',
'ClientToScreen',
'ScreenToClient',
'GrayStringW',
'DrawTextExW',
'TabbedTextOutW',
'ShowWindow',
'MoveWindow',
'GetDlgCtrlID',
'SetWindowTextW',
'IsDialogMessageW',
'SetDlgItemTextW',
'SendDlgItemMessageW',
'GetWindowTextLengthW',
'GetWindow',
'GetDesktopWindow',
'GetActiveWindow',
'SetActiveWindow',
'CreateDialogIndirectParamW',
'DestroyWindow',
'IsWindow',
'IsWindowEnabled',
'EndDialog',
'DrawTextW',
'GetTopWindow',
'SetParent',
'GetKeyState',
'ScrollDC',
'SetCursor',
'LoadCursorW',
'GetParent',
'DrawStateW',
'DrawEdge',
'CopyRect',
'PtInRect',
'InvalidateRect',
'GetSysColor',
'InflateRect',
'GetWindowPlacement',
'DestroyMenu',
'TrackPopupMenu',
'GetSubMenu',
'LoadMenuW',
'GetCursorPos',
'OffsetRect',
'ReleaseCapture',
'DrawIcon',
'IsIconic',
'MessageBeep',
'GetNextDlgGroupItem',
'InvalidateRgn',
'SetRect',
'CheckMenuItem',
'SetWindowPos',
'IsRectEmpty',
'CopyAcceleratorTableW',
'CharNextW',
'CharUpperW',
'SetWindowRgn',
'GetClientRect',
'SetWindowLongW',
'GetWindowLongW',
'AppendMenuW',
'GetSystemMenu',
'LoadIconW',
'GetSystemMetrics',
'TranslateAcceleratorW',
'ReleaseDC',
'GetDC',
'LoadAcceleratorsW',
'EnumWindows',
'FindWindowW',
'SetForegroundWindow',
'GetWindowTextW',
'MessageBoxW',
'GetDlgItem',
'GetClassNameW',
'RedrawWindow',
'LoadBitmapW',
'GetFocus',
'GetNextDlgTabItem',
'SetFocus',
'PostMessageW',
'KillTimer',
'SetTimer',
'wsprintfW',
'SendMessageW',
'EnableWindow',
'DrawIconEx',
'GetWindowRect',
'LoadImageW',
'GetWindowDC',
'UnregisterClassA',
'ExtSelectClipRgn',
'CreateBitmap',
'ScaleWindowExtEx',
'CreateRectRgnIndirect',
'GetMapMode',
'DPtoLP',
'GetTextColor',
'GetRgnBox',
'GetClipBox',
'SetMapMode',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'Escape',
'ExtTextOutW',
'TextOutW',
'RectVisible',
'PtVisible',
'GetWindowExtEx',
'GetViewportExtEx',
'SetTextAlign',
'MoveToEx',
'CreateSolidBrush',
'SetBkMode',
'RestoreDC',
'SaveDC',
'FloodFill',
'SetTextColor',
'SetBkColor',
'Ellipse',
'SetPixel',
'CreateFontW',
'EnumFontFamiliesExW',
'CreateFontIndirectW',
'GetTextExtentPoint32W',
'Rectangle',
'DeleteObject',
'CreatePen',
'GetBkColor',
'FrameRgn',
'StretchBlt',
'GetObjectW',
'DeleteDC',
'BitBlt',
'SelectObject',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'CreateDCW',
'CombineRgn',
'CreateRectRgn',
'CreateRoundRectRgn',
'GetDeviceCaps',
'GetStockObject',
'LineTo',
'GetSaveFileNameW',
'GetFileTitleW',
'DocumentPropertiesW',
'ClosePrinter',
'OpenPrinterW',
'OpenEventLogW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegQueryValueW',
'RegEnumKeyW',
'RegDeleteKeyW',
'RegOpenKeyW',
'CloseEventLog',
'ReadEventLogW',
'RegOpenKeyExW',
'ControlService',
'StartServiceW',
'DeleteService',
'CloseServiceHandle',
'OpenServiceW',
'CreateServiceW',
'OpenSCManagerW',
'RegCloseKey',
'RegQueryValueExW',
'DragFinish',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragQueryFileW',
'_TrackMouseEvent',
'PathFindExtensionW',
'PathFindFileNameW',
'PathStripToRootW',
'PathFileExistsW',
'PathIsUNCW',
'OleUIBusyW',
'CoTaskMemFree',
'CLSIDFromProgID',
'CLSIDFromString',
'CoGetClassObject',
'StgOpenStorageOnILockBytes',
'StgCreateDocfileOnILockBytes',
'CreateILockBytesOnHGlobal',
'OleUninitialize',
'CoFreeUnusedLibraries',
'CoTaskMemAlloc',
'OleInitialize',
'CoRevokeClassObject',
'OleIsCurrentClipboard',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'SysAllocString',
'OleCreateFontIndirect',
'SystemTimeToVariantTime',
'VariantTimeToSystemTime',
'SafeArrayDestroy',
'VariantCopy',
'SysAllocStringLen',
'VariantInit',
'VariantChangeType',
'VariantClear',
'SysFreeString',
'SysStringLen',
'GetAdaptersInfo',
'GetTcpTable',
'GetTcpStatistics',
'GetIfEntry',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'CheckSumMappedFile',
'GdipFree',
'GdipSaveImageToFile',
'GdipGetImageEncodersSize',
'GdipCreateBitmapFromHBITMAP',
'GdipAlloc',
'GdipDisposeImage',
'GdipGetImageEncoders',
'GdipCloneImage',
'GdiplusShutdown',
'GdiplusStartup'],
'LinkerVersion': 8,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 437,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 214744,
'SectionNames': {'.data\x00\x00\x00': 15360,
'.pdata\x00\x00': 30208,
'.rdata\x00\x00': 142848,
'.rsrc\x00\x00\x00': 215040,
'.text\x00\x00\x00': 382464},
'StackReserveSize': 1048576,
'filename': './data/malware/3365106f1cffa97b4f92c3f5345baf665e586a1cdc40db759ab09781676d1996'},
'33d9efb38d0fffae6c67c329aecde9696ca915a571b178a5482efd11413fd786': {'AddressOfEntryPoint': 602220,
'DebugRVA': 85372,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 86016,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'WMILIB.SYS': 'WmiSystemControl',
'ksecdd.sys': 'SystemPrng',
'ntoskrnl.exe': '__C_specific_handler',
'srvnet.sys': 'SrvNetDisconnectConnection'},
'ImportedFunctions': ['RtlCompareMemory',
'KeInitializeEvent',
'ExInitializeResourceLite',
'InitializeSListHead',
'KeAcquireSpinLockRaiseToDpc',
'KeReleaseSpinLock',
'ExInterlockedRemoveHeadList',
'ExAcquireResourceExclusiveLite',
'RtlEqualUnicodeString',
'ExReleaseResourceLite',
'ExpInterlockedPopEntrySList',
'ExDeleteResourceLite',
'NlsMbOemCodePageTag',
'RtlxUnicodeStringToOemSize',
'RtlUnicodeStringToOemString',
'KeResetEvent',
'ExAcquireResourceSharedLite',
'KeAcquireSpinLockAtDpcLevel',
'KeReleaseSpinLockFromDpcLevel',
'RtlUpcaseUnicodeChar',
'KeGetCurrentProcessorNumberEx',
'ExpInterlockedPushEntrySList',
'ObfDereferenceObject',
'IoGetRelatedDeviceObject',
'IoFreeIrp',
'IoCheckDesiredAccess',
'PsIsThreadImpersonating',
'IoGetCurrentProcess',
'PsDereferencePrimaryToken',
'PsDereferenceImpersonationToken',
'PsImpersonateClient',
'RtlCopyUnicodeString',
'KeStackAttachProcess',
'KeUnstackDetachProcess',
'RtlLengthSecurityDescriptor',
'ZwClose',
'NtQueryVolumeInformationFile',
'NtOpenFile',
'NtQueryInformationFile',
'KeInitializeTimer',
'KeCancelTimer',
'KeReadStateEvent',
'KeInitializeDpc',
'KeSetTargetProcessorDpcEx',
'KeClearEvent',
'KeSetTimer',
'RtlOemStringToUnicodeString',
'IoInitializeIrp',
'MmBuildMdlForNonPagedPool',
'ExFreePoolWithTag',
'KeInsertQueue',
'IoFreeMdl',
'ZwUnmapViewOfSection',
'ZwMapViewOfSection',
'IoAllocateMdl',
'MmProbeAndLockPages',
'IofCallDriver',
'IoCreateFile',
'ZwCreateSection',
'NtReadFile',
'NtSetInformationFile',
'NtWriteFile',
'ObReferenceObjectByHandle',
'RtlUpperChar',
'ExAllocatePoolWithTag',
'IoWMIWriteEvent',
'MmGetSystemRoutineAddress',
'IoWMIRegistrationControl',
'IofCompleteRequest',
'IoCreateDevice',
'IoDeleteDevice',
'KeInsertHeadQueue',
'WmiGetClock',
'IoIs32bitProcess',
'KeEnterCriticalRegion',
'KeLeaveCriticalRegion',
'IoAllocateWorkItem',
'MmUnlockPages',
'KeQueryTimeIncrement',
'IoGetRequestorProcess',
'KeAttachProcess',
'KeDetachProcess',
'ExAllocatePoolWithTagPriority',
'IoQueueWorkItem',
'MmUnmapLockedPages',
'IoBuildPartialMdl',
'RtlFreeOemString',
'ZwOpenEvent',
'RtlAnsiStringToUnicodeString',
'IoFreeWorkItem',
'KeInitializeQueue',
'RtlCreateSecurityDescriptor',
'RtlLengthRequiredSid',
'RtlInitializeSid',
'MmMapLockedPagesSpecifyCache',
'RtlLengthSid',
'RtlCreateAcl',
'RtlAddAccessAllowedAce',
'RtlSetDaclSecurityDescriptor',
'RtlSetOwnerSecurityDescriptor',
'ZwOpenKey',
'ZwQueryValueKey',
'KeDelayExecutionThread',
'KeRundownQueue',
'RtlGetDaclSecurityDescriptor',
'RtlGetOwnerSecurityDescriptor',
'MmUnlockPagableImageSection',
'_wcsupr',
'KeGetProcessorNumberFromIndex',
'KeReadStateQueue',
'_wcsicmp',
'ZwSetValueKey',
'ExSystemTimeToLocalTime',
'RtlTimeToSecondsSince1970',
'NtQuerySecurityObject',
'FsRtlDoesNameContainWildCards',
'SeSinglePrivilegeCheck',
'SeExports',
'RtlTimeToTimeFields',
'RtlTimeFieldsToTime',
'ObfReferenceObject',
'IoAllocateIrp',
'IoQueueThreadIrp',
'IoReuseIrp',
'MmLockPagableDataSection',
'IoCreateFileEx',
'RtlPrefixUnicodeString',
'IoCheckEaBufferValidity',
'IoCheckFunctionAccess',
'IoSetThreadHardErrorMode',
'RtlIntegerToUnicodeString',
'IoCancelIrp',
'RtlInitString',
'RtlInt64ToUnicodeString',
'_stricmp',
'wcschr',
'strncmp',
'IoFastQueryNetworkAttributes',
'RtlSecondsSince1970ToTime',
'IoCheckQuerySetFileInformation',
'RtlUpcaseUnicodeStringToOemString',
'NtDeviceIoControlFile',
'RtlFreeAnsiString',
'IoCheckQuerySetVolumeInformation',
'NtSetVolumeInformationFile',
'RtlValidRelativeSecurityDescriptor',
'NtSetSecurityObject',
'NtQueryQuotaInformationFile',
'NtSetQuotaInformationFile',
'_wcsnicmp',
'RtlInitAnsiString',
'RtlIsNameLegalDOS8Dot3',
'FsRtlIsFatDbcsLegal',
'NlsOemLeadByteInfo',
'RtlUpcaseUnicodeToOemN',
'RtlUnicodeToOemN',
'IoSetFileOrigin',
'PsAssignImpersonationToken',
'RtlMapGenericMask',
'SeFreePrivileges',
'ExQueueWorkItem',
'ObOpenObjectByPointer',
'ZwDuplicateObject',
'RtlAppendUnicodeToString',
'RtlAppendUnicodeStringToString',
'IoCreateFileSpecifyDeviceObjectHint',
'FsRtlInitializeExtraCreateParameterList',
'FsRtlInitializeExtraCreateParameter',
'FsRtlInsertExtraCreateParameter',
'RtlValidSecurityDescriptor',
'RtlCompareUnicodeString',
'KeQueryActiveProcessorCountEx',
'KeGetRecommendedSharedDataAlignment',
'_vsnwprintf',
'IoBuildDeviceIoControlRequest',
'NtClose',
'toupper',
'FsRtlIsNameInExpression',
'RtlNtStatusToDosErrorNoTeb',
'VerSetConditionMask',
'RtlVerifyVersionInfo',
'MmSizeOfMdl',
'MmIsThisAnNtAsSystem',
'PsCreateSystemThread',
'NtSetInformationThread',
'KeQueryGroupAffinity',
'KeSetSystemGroupAffinityThread',
'KeSetIdealProcessorThread',
'KeRemoveQueue',
'PsTerminateSystemThread',
'NtFreeVirtualMemory',
'NtAllocateVirtualMemory',
'KeSetEvent',
'RtlFreeUnicodeString',
'RtlUpcaseUnicodeString',
'KeWaitForSingleObject',
'SeUnlockSubjectContext',
'SeQueryAuthenticationIdToken',
'SeLockSubjectContext',
'SeReleaseSubjectContext',
'SeCaptureSubjectContext',
'ExInterlockedAddUlong',
'ExLocalTimeToSystemTime',
'KeBugCheckEx',
'DbgPrint',
'RtlSubAuthoritySid',
'RtlInitUnicodeString',
'ExAcquireFastMutex',
'ExReleaseFastMutex',
'__C_specific_handler',
'WmiCompleteRequest',
'WmiSystemControl',
'AddCredentialsW',
'FreeCredentialsHandle',
'AcquireCredentialsHandleW',
'DeleteSecurityContext',
'InitSecurityInterfaceW',
'RevertSecurityContext',
'QueryContextAttributesW',
'ImpersonateSecurityContext',
'MapSecurityError',
'AcceptSecurityContext',
'KSecValidateBuffer',
'FreeContextBuffer',
'SystemPrng',
'SrvLibIsNetworkAddress',
'SrvNetCloseConnection',
'SrvLibGetBaseFileName',
'SrvXsSchedulePrintJob',
'SrvAdminDeregisterFile',
'SrvLibAuditForceAccess',
'SrvAdminDeregisterSession',
'SrvLibLookasideAllocate',
'SrvLibLookasideFree',
'SrvAdminDeregisterTreeConnect',
'SrvAdminQueryResumeKeyTarget',
'SrvAdminIsScopedName',
'SrvLibLogError',
'SrvLibIsLoggableError',
'SrvLibGenerateSrvServiceSD',
'SrvLibApplySrvDeviceAcl',
'SrvLibFreeSrvServiceSD',
'SrvNetReceiveData',
'SrvNetGetQueueStatistics',
'SrvNetRegisterClient',
'SrvNetStartClient',
'SrvXsConnect',
'SrvNetInitializeStatisticsQueues',
'SrvLibLookasideInitialize',
'SrvLibLookasideCreatePool',
'SrvLibLookasideDirectFreeBuffer',
'SrvLibLookasideDirectNonPagedAllocateBuffer',
'SrvLibLookasideDirectPagedAllocateBuffer',
'SrvAdminRegisterProvider',
'SrvNetStopClient',
'SrvNetDeregisterClient',
'SrvXsClosePrinter',
'SrvXsDisconnect',
'SrvAdminDeregisterProvider',
'SrvNetDisableStatisticsQueue',
'SrvLibLookasideDestroyPool',
'SrvAdminRefreshAnonymousLists',
'SrvAdminRefreshNoRemapPipeList',
'SrvLibGetDWord',
'SrvLibQueryLicensingDWord',
'SrvLibSetSrvErrorLogIgnore',
'SrvGraftName',
'SrvNetFreePool',
'SrvNetQueryConnectionInformation',
'SrvNetSetConnectionInformation',
'SrvNetSendData',
'SrvXsAddPrintJob',
'SrvAdminRemapPipeName',
'SrvAdminRegisterFile',
'SrvNetUpdateStatisticsFromQueues',
'SrvNetUpdateIOCountFromQueues',
'SrvAdminDoesShareAllowAnonymous',
'SrvLibTruncateDnsName',
'SrvAdminEvaluateServerAlias',
'SrvAdminRegisterSession',
'SrvLibIsFsctlDisallowed',
'SrvLibIsDosDeviceName',
'SrvAdminDoesPipeAllowAnonymous',
'SrvLibAllocatePipeEa',
'SrvLibFreePipeEa',
'SrvLibAuditSuccessEnabled',
'SrvLibAuditShareAccess',
'SrvLibRetrieveMaximalAccessRightsForUser',
'SrvLibAuditShareConnect',
'SrvAdminRegisterTreeConnect',
'SrvXsOpenPrinter',
'SrvNetGetStatisticsAndLock',
'SrvAdminSetUserLimit',
'SrvNetQueryRssScalability',
'SrvXsDownLevelAPI',
'SrvAdminAuditSpnCheck',
'SrvAdminCheckSpn',
'SrvLibSeAccessCheck',
'SrvAdminAllowIdlePowerDownForActivity',
'SrvAdminInhibitIdlePowerDownForActivity',
'SrvAdminInhibitIdlePowerDownForOpenFiles',
'SrvAdminAllowIdlePowerDownForOpenFiles',
'SrvNetDisconnectConnection'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 303,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1824,
'SectionNames': {'.data\x00\x00\x00': 3072,
'.pdata\x00\x00': 16896,
'.rdata\x00\x00': 29696,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 81408,
'INIT\x00\x00\x00\x00': 12288,
'PAGE\x00\x00\x00\x00': 310784,
'PAGE8FIL': 9728},
'StackReserveSize': 262144,
'filename': './data/malware/33d9efb38d0fffae6c67c329aecde9696ca915a571b178a5482efd11413fd786'},
'33ea253da16d4bc1a0a5598a994d20ce600bcfb10c3e255b79d5c9baf79a1a75': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3364,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/33ea253da16d4bc1a0a5598a994d20ce600bcfb10c3e255b79d5c9baf79a1a75'},
'33f6cce599557993969af2ae7c1076a45866811ff8fab866ebdef69da7ce2c3e': {'AddressOfEntryPoint': 14496,
'DebugRVA': 91040,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 90112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 5288,
'SectionNames': {'.data\x00\x00\x00': 6017024,
'.pdata\x00\x00': 5120,
'.rdata\x00\x00': 18944,
'.rsrc\x00\x00\x00': 5632,
'.text\x00\x00\x00': 84480},
'StackReserveSize': 1048576,
'filename': './data/malware/33f6cce599557993969af2ae7c1076a45866811ff8fab866ebdef69da7ce2c3e'},
'34a84a55a2d3eca30055460dd6b44da61373131de769bdd548f9fb6b940433c6': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3436,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 217600,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/34a84a55a2d3eca30055460dd6b44da61373131de769bdd548f9fb6b940433c6'},
'34e7b0ea40b7e09ceaf993a42e3c0c9e68e9841e5eda859d06b0aa141a50647c': {'AddressOfEntryPoint': 405692,
'DebugRVA': 4912,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 68728,
'SectionNames': {'.npdata\x00': 1024,
'.pdata\x00\x00': 17408,
'.rdata\x00\x00': 40448,
'.reloc\x00\x00': 4096,
'.rsrc\x00\x00\x00': 69120,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 301056,
'PAGED\x00\x00\x00': 31232},
'StackReserveSize': 262144,
'filename': './data/malware/34e7b0ea40b7e09ceaf993a42e3c0c9e68e9841e5eda859d06b0aa141a50647c'},
'34ec07469a5fbe567932245cef254e362db1ce3a9c97e9cfef298f47bc08642e': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1953268,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1953280,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/34ec07469a5fbe567932245cef254e362db1ce3a9c97e9cfef298f47bc08642e'},
'34f8571f4152d7f493b5339d175932d3b4be713769aa8b870457ea38bdb9a65d': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3488,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/34f8571f4152d7f493b5339d175932d3b4be713769aa8b870457ea38bdb9a65d'},
'3528469d41b556fda2c6f22acd8d92744d868ce1c15fbce991e25b76e2bb780d': {'AddressOfEntryPoint': 51236,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetVolumeInformationA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryInfoKeyA',
'GetTokenInformation',
'FreeSid',
'RegSetValueExA',
'LookupPrivilegeValueA',
'RegDeleteValueA',
'RegCreateKeyExA',
'AllocateAndInitializeSid',
'EqualSid',
'RegQueryValueExA',
'RegOpenKeyExA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'WritePrivateProfileStringA',
'LocalFree',
'FindFirstFileA',
'_lclose',
'DeleteFileA',
'lstrlenA',
'GetLastError',
'GetFileAttributesA',
'ExpandEnvironmentStringsA',
'GetProcAddress',
'_llseek',
'GetWindowsDirectoryA',
'RemoveDirectoryA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'FreeLibrary',
'GetModuleFileNameA',
'FindNextFileA',
'SetFileAttributesA',
'GlobalFree',
'GetCurrentProcess',
'FindClose',
'GetPrivateProfileStringA',
'CompareStringA',
'LoadLibraryA',
'GlobalAlloc',
'GlobalUnlock',
'GlobalLock',
'GetPrivateProfileIntA',
'_lopen',
'GetShortPathNameA',
'LoadLibraryExA',
'ExitProcess',
'CloseHandle',
'GetCurrentDirectoryA',
'WriteFile',
'DosDateTimeToFileTime',
'SetCurrentDirectoryA',
'CreateFileA',
'FindResourceA',
'GetDriveTypeA',
'GetVersionExA',
'SetFilePointer',
'GetVersion',
'FreeResource',
'GetTempPathA',
'GetTempFileNameA',
'CreateThread',
'ResetEvent',
'LocalFileTimeToFileTime',
'CreateDirectoryA',
'TerminateThread',
'LoadResource',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'LockResource',
'WaitForSingleObject',
'CreateProcessA',
'SetEvent',
'ReadFile',
'GetSystemInfo',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'Sleep',
'CreateMutexA',
'lstrcmpA',
'LocalAlloc',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetDeviceCaps',
'CallWindowProcA',
'PeekMessageA',
'EnableWindow',
'SetWindowTextA',
'DispatchMessageA',
'MessageBoxA',
'SetForegroundWindow',
'SetWindowLongPtrA',
'MsgWaitForMultipleObjects',
'ShowWindow',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'GetDlgItem',
'SendMessageA',
'GetWindowRect',
'GetWindowLongPtrA',
'SendDlgItemMessageA',
'GetDC',
'SetWindowPos',
'SetDlgItemTextA',
'MessageBeep',
'CharUpperA',
'EndDialog',
'CharNextA',
'GetDesktopWindow',
'ExitWindowsEx',
'CharPrevA',
'LoadStringA',
'ReleaseDC',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 542892,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 543232,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/3528469d41b556fda2c6f22acd8d92744d868ce1c15fbce991e25b76e2bb780d'},
'35762d897761aa383e755eced4845e8a2effd33947843ecb2ccbde4aa17253cb': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 22312,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 22528,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/35762d897761aa383e755eced4845e8a2effd33947843ecb2ccbde4aa17253cb'},
'358b06f3e46f54c4c87d6fa5fad3876a6e42c3f2b875fa5cc58f0fa1af8ff84a': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 4915636,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 4915712,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/358b06f3e46f54c4c87d6fa5fad3876a6e42c3f2b875fa5cc58f0fa1af8ff84a'},
'359ed51b783a857cf8a986b08703540bb5a4a47f1672bc7379c43c5ee569e8d6': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/359ed51b783a857cf8a986b08703540bb5a4a47f1672bc7379c43c5ee569e8d6'},
'35b8f943c86d3c6abc48613e94b80d8c7fdd7a61bcca1e876ba54e3436ca1fa9': {'AddressOfEntryPoint': 33652,
'DebugRVA': 8656,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltGetBottomInstance',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['RtlCompareUnicodeString',
'RtlInitUnicodeString',
'ZwOpenProcess',
'IoDeleteDevice',
'ZwReadFile',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'KeBugCheckEx',
'IoAttachDeviceToDeviceStackSafe',
'ZwClose',
'ExInitializeNPagedLookasideList',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateWorkItem',
'ExFreePoolWithTag',
'ExAllocatePool',
'IoRegisterFsRegistrationChange',
'ExDeleteNPagedLookasideList',
'ExAllocatePoolWithTag',
'IoThreadToProcess',
'PsGetProcessId',
'IoUnregisterFsRegistrationChange',
'IoDetachDevice',
'ExQueueWorkItem',
'ZwWriteFile',
'KeReleaseSpinLock',
'IoQueueWorkItem',
'IoCreateDevice',
'ObfDereferenceObject',
'IoFreeWorkItem',
'ZwQueryInformationProcess',
'__C_specific_handler',
'FltGetFileNameInformation',
'FltCancelFileOpen',
'FltClose',
'FltAttachVolume',
'FltCreateFile',
'FltGetVolumeFromName',
'FltSendMessage',
'FltFreeSecurityDescriptor',
'FltStartFiltering',
'FltGetVolumeFromDeviceObject',
'FltReleaseFileNameInformation',
'FltRegisterFilter',
'FltGetDeviceObject',
'FltObjectDereference',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCreateCommunicationPort',
'FltCloseCommunicationPort',
'FltEnumerateVolumes',
'FltUnregisterFilter',
'FltCloseClientPort',
'FltGetBottomInstance'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 3072,
'INIT\x00\x00\x00\x00': 3072,
'PAGE\x00\x00\x00\x00': 11264},
'StackReserveSize': 262144,
'filename': './data/malware/35b8f943c86d3c6abc48613e94b80d8c7fdd7a61bcca1e876ba54e3436ca1fa9'},
'35b97b759d6ce90ae6d2d3da6131046035020383cf5cea2a5d59510f3fc1d9d7': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37344,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/35b97b759d6ce90ae6d2d3da6131046035020383cf5cea2a5d59510f3fc1d9d7'},
'3603f67a6606e7fc32c06519e2afeed15289bd160cfd48d37487bc5f8aaf513c': {'AddressOfEntryPoint': 221200,
'DebugRVA': 160192,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 159744,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'bxftska.sys': 'ks_add_device',
'iscsiprt.sys': 'iScsiPortNotification',
'ntoskrnl.exe': 'strncpy'},
'ImportedFunctions': ['iScsiPortDeviceBusy',
'iScsiPortGetOriginalMdl',
'iScsiPortMoveMemory',
'iScsiPortCompleteServiceIrp',
'iScsiPortPauseDevice',
'iScsiPortResumeDevice',
'iScsiPortInitialize',
'iScsiPortDeviceReady',
'ScsiPortWmiPostProcess',
'ScsiPortWmiGetInstanceName',
'ScsiPortWmiSetInstanceName',
'ScsiPortWmiSetData',
'ScsiPortWmiSetInstanceCount',
'ScsiPortWmiDispatchFunction',
'ScsiPortWmiFireLogicalUnitEvent',
'iScsiPortNotification',
'ZwOpenKey',
'ZwClose',
'ZwCreateKey',
'RtlInitUnicodeString',
'IoOpenDeviceRegistryKey',
'ZwSetValueKey',
'wcsncpy',
'ZwDeleteValueKey',
'ZwDeleteKey',
'IofCallDriver',
'IoBuildSynchronousFsdRequest',
'KeInitializeEvent',
'KeSetEvent',
'IoGetDeviceProperty',
'IoBuildPartialMdl',
'IoAllocateMdl',
'MmMapLockedPagesSpecifyCache',
'MmUnmapLockedPages',
'IoFreeMdl',
'DbgPrint',
'RtlQueryRegistryValues',
'ExAllocatePoolWithTag',
'ExFreePoolWithTag',
'wcsncmp',
'sprintf',
'strstr',
'IoWriteErrorLogEntry',
'IoAllocateErrorLogEntry',
'KeAcquireSpinLockRaiseToDpc',
'KeReleaseSpinLock',
'KeBugCheckEx',
'DbgBreakPoint',
'KeWaitForSingleObject',
'strncmp',
'strncpy',
'ks_add_device'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 52,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 12160,
'SectionNames': {'.data\x00\x00\x00': 6656,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 37888,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 12288,
'.text\x00\x00\x00': 155136,
'INIT\x00\x00\x00\x00': 2048},
'StackReserveSize': 262144,
'filename': './data/malware/3603f67a6606e7fc32c06519e2afeed15289bd160cfd48d37487bc5f8aaf513c'},
'36255fcc28988554e9a5b89d5af374876c0f925e47a7cb5db1d0bb49d68039f6': {'AddressOfEntryPoint': 3221225536,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 356352,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'VirtualAlloc',
'OLEAUT32.dll': 'VariantCopy',
'SETUPAPI.dll': 'SetupFindFirstLineA',
'SHELL32.dll': 'ShellExecuteA',
'SHLWAPI.dll': 'PathIsUNCA',
'USER32.dll': 'SetMenuItemBitmaps',
'VERSION.dll': 'VerQueryValueA',
'WINSPOOL.DRV': 'OpenPrinterA',
'comdlg32.dll': 'GetFileTitleA',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA',
'ole32.dll': 'CoRevokeClassObject'},
'ImportedFunctions': ['SetupDiOpenDevRegKey',
'SetupCopyOEMInfA',
'SetupOpenInfFileA',
'SetupCloseInfFile',
'SetupGetTargetPathA',
'SetupFindNextLine',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_DevNode_Status_Ex',
'SetupGetStringFieldA',
'SetupFindFirstLineA',
'UpdateDriverForPlugAndPlayDevicesA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'GlobalFlags',
'GetThreadLocale',
'ReadFile',
'SetFilePointer',
'FlushFileBuffers',
'LockFile',
'UnlockFile',
'SetEndOfFile',
'GetFileSize',
'DuplicateHandle',
'GetVolumeInformationA',
'GetFullPathNameA',
'GetCPInfo',
'GetOEMCP',
'FileTimeToSystemTime',
'SetErrorMode',
'FileTimeToLocalFileTime',
'GetFileAttributesA',
'GetFileTime',
'GetTickCount',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'VirtualProtect',
'GetSystemInfo',
'VirtualQuery',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'GetStdHandle',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetACP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'SetHandleCount',
'GetFileType',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetTimeZoneInformation',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEnvironmentVariableA',
'WritePrivateProfileStringA',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'GlobalGetAtomNameA',
'GlobalFindAtomA',
'lstrcmpW',
'GetModuleFileNameW',
'FreeResource',
'GetCurrentProcessId',
'GlobalAddAtomA',
'GlobalDeleteAtom',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetLocaleInfoA',
'lstrcmpA',
'GlobalLock',
'GlobalUnlock',
'MulDiv',
'SetLastError',
'CreateThread',
'lstrcpyA',
'SetFileAttributesA',
'DeleteFileA',
'FindFirstFileA',
'FindClose',
'FindNextFileA',
'GetModuleFileNameA',
'GlobalAlloc',
'GlobalFree',
'GetCommandLineA',
'CreateProcessA',
'WaitForSingleObject',
'GetExitCodeProcess',
'Sleep',
'GetModuleHandleA',
'GetVersionExA',
'GetSystemDefaultLangID',
'GetUserDefaultLangID',
'CreateFileA',
'WriteFile',
'CloseHandle',
'GetWindowsDirectoryA',
'lstrcatA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'LocalAlloc',
'FormatMessageA',
'LocalFree',
'GetCurrentProcess',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'lstrlenA',
'CompareStringW',
'CompareStringA',
'GetVersion',
'GetLastError',
'WideCharToMultiByte',
'MultiByteToWideChar',
'VirtualAlloc',
'UnregisterClassA',
'DestroyMenu',
'RegisterClipboardFormatA',
'PostThreadMessageA',
'SetCapture',
'GetSysColorBrush',
'EndPaint',
'BeginPaint',
'GetWindowDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'ShowWindow',
'MoveWindow',
'SetWindowTextA',
'IsDialogMessageA',
'RegisterWindowMessageA',
'SendDlgItemMessageA',
'WinHelpA',
'IsChild',
'GetCapture',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'SetFocus',
'GetWindowTextA',
'GetForegroundWindow',
'GetTopWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'GetMessageTime',
'GetMessagePos',
'MessageBeep',
'UpdateWindow',
'GetMenu',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'GetSysColor',
'AdjustWindowRectEx',
'EqualRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowLongA',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindowRect',
'UnhookWindowsHookEx',
'GetWindow',
'SetWindowContextHelpId',
'MapDialogRect',
'SetWindowPos',
'ReleaseDC',
'GetDC',
'CopyRect',
'GetDesktopWindow',
'SetActiveWindow',
'CharUpperA',
'DrawIcon',
'SendMessageA',
'CreateDialogIndirectParamA',
'DestroyWindow',
'IsWindow',
'GetDlgItem',
'GetNextDlgTabItem',
'EndDialog',
'GetWindowThreadProcessId',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'SetWindowsHookExA',
'CallNextHookEx',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageA',
'GetCursorPos',
'ValidateRect',
'GetNextDlgGroupItem',
'InvalidateRgn',
'InvalidateRect',
'SetRect',
'IsRectEmpty',
'CopyAcceleratorTableA',
'CharNextA',
'MapWindowPoints',
'ReleaseCapture',
'IsIconic',
'GetClientRect',
'SetForegroundWindow',
'LoadIconA',
'EnableWindow',
'GetSystemMetrics',
'ExitWindowsEx',
'MessageBoxA',
'SetCursor',
'LoadCursorA',
'GetSubMenu',
'GetMenuItemCount',
'GetMenuItemID',
'GetMenuState',
'PostQuitMessage',
'PostMessageA',
'CheckMenuItem',
'EnableMenuItem',
'ModifyMenuA',
'GetParent',
'GetFocus',
'LoadBitmapA',
'GetMenuCheckMarkDimensions',
'SetMenuItemBitmaps',
'ExtSelectClipRgn',
'DeleteDC',
'GetStockObject',
'GetMapMode',
'GetBkColor',
'GetTextColor',
'GetRgnBox',
'SetMapMode',
'RestoreDC',
'SaveDC',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'CreateRectRgnIndirect',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'GetWindowExtEx',
'GetViewportExtEx',
'DeleteObject',
'GetFileTitleA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA',
'RegQueryValueA',
'RegEnumKeyA',
'RegDeleteKeyA',
'RegCreateKeyA',
'RegSetValueExA',
'RegQueryValueExA',
'RegOpenKeyA',
'RegDeleteValueA',
'RegOpenKeyExA',
'RegEnumKeyExA',
'RegCloseKey',
'OpenProcessToken',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'RegCreateKeyExA',
'ShellExecuteA',
'PathFindExtensionA',
'PathFindFileNameA',
'PathStripToRootA',
'SHDeleteKeyA',
'PathIsUNCA',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoGetClassObject',
'CLSIDFromString',
'CLSIDFromProgID',
'CoTaskMemAlloc',
'CoTaskMemFree',
'OleUninitialize',
'CoFreeUnusedLibraries',
'OleInitialize',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'OleIsCurrentClipboard',
'CoRevokeClassObject',
'SysFreeString',
'SysAllocStringLen',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SysStringLen',
'SysAllocStringByteLen',
'OleCreateFontIndirect',
'VariantTimeToSystemTime',
'SystemTimeToVariantTime',
'SafeArrayDestroy',
'SysAllocString',
'VariantCopy'],
'LinkerVersion': 8,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 373,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 1165144,
'SectionNames': {'.data\x00\x00\x00': 13824,
'.pdata\x00\x00': 24576,
'.rdata\x00\x00': 119296,
'.text\x00\x00\x00': 349184},
'StackReserveSize': 1048576,
'filename': './data/malware/36255fcc28988554e9a5b89d5af374876c0f925e47a7cb5db1d0bb49d68039f6'},
'365bc4420db612e21f2c0a17ec94d224037fa69e878c3a6880b59060950ff2a3': {'AddressOfEntryPoint': 46113,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 57344,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['_strnicmp',
'IoDeleteSymbolicLink',
'KdDebuggerNotPresent',
'RtlInitUnicodeString',
'IoDeleteDevice',
'IofCompleteRequest',
'IoCreateSymbolicLink',
'PsGetCurrentProcessId',
'IoCreateDevice',
'DbgPrint',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 19,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1024,
'.reloc\x00\x00': 1536,
'.text\x00\x00\x00': 5120,
'.vmp0\x00\x00\x00': 10752,
'.vmp1\x00\x00\x00': 31232,
'INIT\x00\x00\x00\x00': 512},
'StackReserveSize': 1048576,
'filename': './data/malware/365bc4420db612e21f2c0a17ec94d224037fa69e878c3a6880b59060950ff2a3'},
'368fac9a24d0b544c9a5442e2666913e261d3cd845a0ef1646b02f206600348b': {'AddressOfEntryPoint': 51316,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 184896,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 185344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/368fac9a24d0b544c9a5442e2666913e261d3cd845a0ef1646b02f206600348b'},
'36d0d1d1ed96e71b90e2e15da0189b2bbf6f69c21a0e63ee1be706b262c25482': {'AddressOfEntryPoint': 242652,
'DebugRVA': 254768,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 253952,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionUnbindClass',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'ZwEnumerateValueKey',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'ZwEnumerateKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoRegisterPlugPlayNotification',
'IoDetachDevice',
'PoSetPowerState',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCancelIrp',
'IoReleaseRemoveLockEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'wcsstr',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionBind',
'WdfVersionBindClass',
'WdfVersionUnbind',
'WdfVersionUnbindClass'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 97,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7680,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 249344,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/36d0d1d1ed96e71b90e2e15da0189b2bbf6f69c21a0e63ee1be706b262c25482'},
'36f6591c97f2ee32237077895f909f4c334a6ec164f460f2055fc870066245e2': {'AddressOfEntryPoint': 308553,
'DebugRVA': 6240,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'ControlTraceW',
'COMCTL32.dll': 'ImageList_Destroy',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'CloseHandle',
'OLEAUT32.dll': 'SysStringLen',
'SHELL32.dll': 'CommandLineToArgvW',
'SPP.dll': 'SppFreeExternalGroupPropArray',
'SRCORE.dll': 'SrFreeRestoreStatus',
'USER32.dll': 'InflateRect',
'msvcrt.dll': 'memmove',
'ntdll.dll': 'RtlNtStatusToDosError',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['TraceMessage',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'RegOpenKeyExW',
'CloseTrace',
'InitiateShutdownW',
'OpenSCManagerW',
'OpenServiceW',
'ControlService',
'OpenProcessToken',
'RegCloseKey',
'CloseServiceHandle',
'CreateWellKnownSid',
'CheckTokenMembership',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'StartTraceW',
'EnableTrace',
'GetTokenInformation',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'InitializeSecurityDescriptor',
'SetEntriesInAclW',
'SetSecurityDescriptorOwner',
'SetSecurityDescriptorGroup',
'SetSecurityDescriptorDacl',
'DuplicateToken',
'DuplicateTokenEx',
'RegisterEventSourceW',
'ReportEventW',
'DeregisterEventSource',
'ControlTraceW',
'FileTimeToLocalFileTime',
'GetTimeFormatW',
'GetDateFormatW',
'GetUserDefaultLCID',
'GetLocaleInfoW',
'FindVolumeClose',
'FindNextVolumeW',
'FindFirstVolumeW',
'GetWindowsDirectoryW',
'GetVolumeNameForVolumeMountPointW',
'GetVolumePathNameW',
'GetVolumePathNamesForVolumeNameW',
'ExpandEnvironmentStringsW',
'GetVolumeInformationW',
'GetDriveTypeW',
'MoveFileExW',
'DeviceIoControl',
'FileTimeToSystemTime',
'FindNextFileW',
'FindFirstFileW',
'FormatMessageW',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'Sleep',
'InitializeCriticalSection',
'CreateFileW',
'EncodePointer',
'DecodePointer',
'GetProcAddress',
'DeleteCriticalSection',
'SetLastError',
'HeapSetInformation',
'SetErrorMode',
'CreateEventW',
'WaitForSingleObject',
'SetEvent',
'RegisterApplicationRestart',
'GetCurrentProcess',
'GlobalFree',
'GetCommandLineW',
'CreateProcessW',
'CreateThread',
'OpenProcess',
'GetSystemTimeAsFileTime',
'LoadLibraryW',
'FreeLibrary',
'GetFileAttributesW',
'DeleteFileW',
'CreateDirectoryW',
'SetThreadPreferredUILanguages',
'GetTimeZoneInformation',
'LoadLibraryExW',
'InitializeCriticalSectionAndSpinCount',
'EnterCriticalSection',
'LeaveCriticalSection',
'FindClose',
'GetLastError',
'LocalFree',
'CloseHandle',
'SetBkMode',
'DeleteDC',
'GdiFlush',
'SelectObject',
'SetLayout',
'CreateCompatibleDC',
'ExtTextOutW',
'SetBkColor',
'CreateDIBSection',
'GetDeviceCaps',
'CreateFontIndirectW',
'SetTextColor',
'DeleteObject',
'GetDesktopWindow',
'GetWindowThreadProcessId',
'EnumWindows',
'MessageBoxW',
'SendMessageTimeoutW',
'EndPaint',
'MapWindowPoints',
'CopyRect',
'GetWindowTextW',
'GetWindowRect',
'BeginPaint',
'GetAncestor',
'GetClassNameW',
'GetDlgItemTextW',
'SetDlgItemTextW',
'MsgWaitForMultipleObjectsEx',
'DispatchMessageW',
'PeekMessageW',
'LoadStringW',
'SystemParametersInfoW',
'LoadIconW',
'SetForegroundWindow',
'CreateDialogParamW',
'ShowWindow',
'DestroyWindow',
'DialogBoxParamW',
'RegisterWindowMessageW',
'GetDC',
'ReleaseDC',
'SetWindowLongPtrW',
'PostMessageW',
'GetParent',
'GetDlgItem',
'GetSystemMetrics',
'GetSysColor',
'SetWindowPos',
'GetSysColorBrush',
'EndDialog',
'SetFocus',
'GetKeyState',
'SetWindowLongW',
'GetWindowLongW',
'UpdateWindow',
'GetClientRect',
'SetWindowTextW',
'SetClassLongPtrW',
'GetWindowLongPtrW',
'IsWindow',
'CallWindowProcW',
'SendMessageW',
'EnableWindow',
'DrawFrameControl',
'OffsetRect',
'InflateRect',
'wcschr',
'_wcsnicmp',
'_wcsicmp',
'??2@YAPEAX_K@Z',
'__getmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'exit',
'_acmdln',
'_initterm',
'??3@YAXPEAX@Z',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'memset',
'memcmp',
'iswspace',
'_amsg_exit',
'_vscwprintf',
'memcpy',
'_vsnwprintf',
'strchr',
'memmove',
'ShellExecuteExW',
'SHGetStockIconInfo',
'CommandLineToArgvW',
'CoCreateInstance',
'CoTaskMemAlloc',
'CLSIDFromString',
'CoInitializeSecurity',
'CoTaskMemRealloc',
'CoInitializeEx',
'CoTaskMemFree',
'CoUninitialize',
'SysFreeString',
'SysAllocString',
'SysStringLen',
'CreatePropertySheetPageW',
'PropertySheetW',
'DestroyPropertySheetPage',
'InitCommonControlsEx',
'ImageList_Create',
'ImageList_Add',
'ImageList_AddMasked',
'ImageList_Destroy',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlLookupElementGenericTableAvl',
'RtlInsertElementGenericTableAvl',
'RtlInitializeGenericTableAvl',
'RtlEnumerateGenericTableAvl',
'RtlDeleteElementGenericTableAvl',
'WinSqmAddToStreamEx',
'WinSqmIncrementDWORD',
'WinSqmAddToStream',
'NtShutdownSystem',
'RtlGetLastNtStatus',
'RtlVirtualUnwind',
'EtwTraceMessage',
'RtlNtStatusToDosError',
'SrFreeRpPropArray',
'SrFreeRestoreStatus',
'SxTracerDebuggerBreak',
'SxTracerShouldTrackFailure',
'SxTracerGetThreadContextRetail',
'SppFreeExternalGroupPropArray'],
'LinkerVersion': 9,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 244,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 106728,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 4096,
'.reloc\x00\x00': 28672,
'.rsrc\x00\x00\x00': 107008,
'.text\x00\x00\x00': 181760,
'afaqowd\x00': 0},
'StackReserveSize': 524288,
'filename': './data/malware/36f6591c97f2ee32237077895f909f4c334a6ec164f460f2055fc870066245e2'},
'3716ffe86a444de25dc44d6d002388fdc65a4d8bdcff5564b828f5e8517e3b32': {'AddressOfEntryPoint': 302128,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 377136,
'ExportSize': 251,
'IATRVA': 307200,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_BeginDrag',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetTickCount',
'MSVCRT.dll': 'strlen',
'SETUPAPI.dll': 'SetupDiEnumDeviceInfo',
'SHELL32.dll': 'SHBrowseForFolderA',
'USER32.dll': 'CopyRect',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'WS2_32.dll': 'WSAStartup',
'comdlg32.dll': 'ChooseColorA',
'ole32.dll': 'CoInitializeEx'},
'ImportedFunctions': ['socket',
'setsockopt',
'bind',
'recv',
'closesocket',
'WSAStartup',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiGetClassDevsA',
'SetupDiClassGuidsFromNameA',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiEnumDeviceInfo',
'?terminate@@YAXXZ',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_initterm',
'__getmainargs',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'_onexit',
'__dllonexit',
'??1type_info@@UEAA@XZ',
'mktime',
'_mbsnbcpy',
'_mbsnbcat',
'_mbschr',
'_purecall',
'strrchr',
'??_U@YAPEAX_K@Z',
'??_V@YAXPEAX@Z',
'fputc',
'_ftime',
'ctime',
'_strdup',
'atoi',
'_mbscmp',
'fflush',
'??2@YAPEAX_K@Z',
'??3@YAXPEAX@Z',
'memcpy',
'isxdigit',
'strstr',
'isdigit',
'toupper',
'strncmp',
'fgetc',
'strtoul',
'_stricmp',
'isspace',
'sscanf',
'memcmp',
'srand',
'fprintf',
'vsprintf',
'fgets',
'strcmp',
'fseek',
'_splitpath',
'fopen',
'fclose',
'rand',
'__CxxFrameHandler',
'memset',
'localtime',
'asctime',
'strcpy',
'gmtime',
'sprintf',
'strcat',
'strncpy',
'_endthread',
'_beginthreadex',
'free',
'malloc',
'_setmbcp',
'_strupr',
'strlen',
'SetCommState',
'GetStartupInfoA',
'GetEnvironmentVariableA',
'GetLocaleInfoA',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetExitCodeProcess',
'FindFirstFileA',
'FindClose',
'CreateProcessA',
'MulDiv',
'ClearCommError',
'ReadFile',
'WriteFile',
'GetOverlappedResult',
'SetupComm',
'GetCommState',
'TlsAlloc',
'SetCommTimeouts',
'SetCommMask',
'EscapeCommFunction',
'PurgeComm',
'DeviceIoControl',
'CreateFileA',
'GetWindowsDirectoryA',
'GetModuleFileNameA',
'CopyFileA',
'GetSystemDirectoryA',
'DeleteFileA',
'CreateDirectoryA',
'GlobalAlloc',
'GlobalLock',
'GlobalUnlock',
'GlobalReAlloc',
'GlobalFree',
'GetComputerNameA',
'CreateThread',
'SetCurrentDirectoryA',
'GetCurrentDirectoryA',
'CreateMutexA',
'OpenProcess',
'ReleaseMutex',
'TerminateThread',
'ResetEvent',
'CloseHandle',
'DeleteCriticalSection',
'GetVersionExA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'SetLastError',
'EnterCriticalSection',
'LeaveCriticalSection',
'TlsGetValue',
'SetEvent',
'WaitForSingleObject',
'TlsSetValue',
'CreateEventA',
'Sleep',
'InitializeCriticalSection',
'GetTickCount',
'FindWindowA',
'SetClipboardData',
'CloseClipboard',
'EmptyClipboard',
'CheckMenuItem',
'GetSubMenu',
'UpdateWindow',
'OpenClipboard',
'UnregisterDeviceNotification',
'RegisterDeviceNotificationA',
'RemoveMenu',
'LoadMenuA',
'GetMenu',
'SetMenu',
'IsZoomed',
'InvalidateRect',
'GetWindowLongA',
'ReleaseCapture',
'SetCapture',
'SetWindowTextA',
'GetSysColorBrush',
'SystemParametersInfoA',
'EndDeferWindowPos',
'BeginDeferWindowPos',
'FillRect',
'GetClassLongPtrA',
'GetKeyState',
'wsprintfA',
'IsRectEmpty',
'PtInRect',
'InflateRect',
'OffsetRect',
'ClientToScreen',
'GetDCEx',
'RegisterClipboardFormatA',
'CharNextA',
'LoadIconA',
'GetWindowRect',
'LoadBitmapA',
'LoadCursorA',
'GetParent',
'GetLastActivePopup',
'ReleaseDC',
'GetDC',
'GetClientRect',
'PostMessageA',
'AppendMenuA',
'CreatePopupMenu',
'IsMenu',
'GetCursorPos',
'GetSysColor',
'EnableWindow',
'GetWindow',
'RedrawWindow',
'SendMessageA',
'RegisterWindowMessageA',
'CopyRect',
'CreateFontA',
'PatBlt',
'GetTextColor',
'StretchBlt',
'CreateCompatibleDC',
'GetObjectA',
'SelectObject',
'CreateFontIndirectA',
'GetTextMetricsA',
'GetDeviceCaps',
'ChooseColorA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegDeleteKeyA',
'RegEnumKeyExA',
'RegCloseKey',
'SHGetMalloc',
'SHGetPathFromIDListA',
'SHBrowseForFolderA',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_SetDragCursorImage',
'ImageList_DragShowNolock',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_BeginDrag',
'CoUninitialize',
'CoInitializeEx'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 239,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 51976,
'SectionNames': {'.data\x00\x00\x00': 62464,
'.pdata\x00\x00': 14848,
'.rdata\x00\x00': 70656,
'.rsrc\x00\x00\x00': 62976,
'.text\x00\x00\x00': 302592},
'StackReserveSize': 1048576,
'filename': './data/malware/3716ffe86a444de25dc44d6d002388fdc65a4d8bdcff5564b828f5e8517e3b32'},
'3773a767edad25f74163507049902b7b0a8e3a8c57b052bab00256d05aeae306': {'AddressOfEntryPoint': 64200,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventWrite',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'SetBkColor',
'KERNEL32.dll': 'InitializeCriticalSection',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'DestroyWindow',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoExW',
'WINMM.dll': 'timeGetTime',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'msvcrt.dll': '_wcsrev',
'ntdll.dll': 'NtQueryLicenseValue',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['SHGetSpecialFolderPathW',
'SHGetFolderPathW',
'ShellAboutW',
'ShellExecuteExW',
'GdipCloneImage',
'GdipCreateBitmapFromScan0',
'GdipCreateHBITMAPFromBitmap',
'GdipCreateFromHDC',
'GdipDrawImageRectI',
'GdipCreateBitmapFromHBITMAP',
'GdipCloneBitmapAreaI',
'GdipSetPageUnit',
'GdipFillRectangleI',
'GdipDeletePen',
'GdipCreatePen1',
'GdipDisposeImage',
'GdipCreateSolidFill',
'GdipDeleteBrush',
'GdipAlloc',
'GdipFree',
'GdiplusShutdown',
'GdiplusStartup',
'GdipDrawArcI',
'GdipSetSmoothingMode',
'GdipSetInterpolationMode',
'GdipDeleteGraphics',
'GdipDrawLineI',
'GdipGetImageGraphicsContext',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegEnumValueW',
'RegGetValueW',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSetValueExW',
'QueryServiceConfigW',
'OpenServiceW',
'OpenSCManagerW',
'CloseServiceHandle',
'EventUnregister',
'EventRegister',
'RegCloseKey',
'RegCreateKeyExW',
'EventWrite',
'SysFreeString',
'SysAllocStringByteLen',
'VariantClear',
'SysStringLen',
'SysAllocString',
'VariantInit',
'IsThemeActive',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Add',
'CreatePropertySheetPageW',
'PropertySheetW',
'WinSqmAddToStreamEx',
'RtlInitUnicodeString',
'WinSqmAddToStream',
'WinSqmIncrementDWORD',
'NtQueryLicenseValue',
'lstrlenA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'WideCharToMultiByte',
'GetVersionExA',
'DeleteCriticalSection',
'GetCurrentProcessId',
'LeaveCriticalSection',
'GetModuleHandleW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'GetSystemTime',
'WaitForSingleObject',
'CreateEventW',
'CreateThread',
'ResetEvent',
'SetEvent',
'CloseHandle',
'GlobalSize',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrcmpW',
'MulDiv',
'GlobalFindAtomW',
'GetLastError',
'MultiByteToWideChar',
'GetLocalTime',
'GetDateFormatW',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'lstrcmpiW',
'LoadLibraryW',
'GetProcAddress',
'GetLocaleInfoEx',
'FreeLibrary',
'LoadLibraryExA',
'DelayLoadFailureHook',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GetProcessHeap',
'Wow64DisableWow64FsRedirection',
'GetVersionExW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'LocalFree',
'LocalAlloc',
'LocalReAlloc',
'GetProfileStringW',
'lstrlenW',
'CompareStringW',
'RegisterApplicationRecoveryCallback',
'ApplicationRecoveryInProgress',
'Sleep',
'ApplicationRecoveryFinished',
'RegisterApplicationRestart',
'GetTempFileNameW',
'SystemTimeToFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'CreateFileW',
'DeleteFileW',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'RaiseException',
'EnterCriticalSection',
'InitializeCriticalSection',
'SetWindowLongW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'EnableWindow',
'GetWindowTextLengthW',
'GetWindowTextW',
'PostMessageW',
'IsWindowEnabled',
'CharNextA',
'IsClipboardFormatAvailable',
'GetMenuState',
'GetFocus',
'OpenClipboard',
'GetClipboardData',
'InvalidateRect',
'CloseClipboard',
'EmptyClipboard',
'SetClipboardData',
'PostQuitMessage',
'DefWindowProcW',
'LoadAcceleratorsW',
'InsertMenuItemW',
'RegisterClassExW',
'SetWindowPlacement',
'SetForegroundWindow',
'GetMessageW',
'TranslateAcceleratorW',
'GetMessageExtraInfo',
'TranslateMessage',
'DispatchMessageW',
'GetKeyState',
'IsDialogMessageW',
'GetClassNameW',
'GetDC',
'ReleaseDC',
'GetSystemMetrics',
'GetWindowLongW',
'DrawTextW',
'EnumChildWindows',
'SetPropW',
'SystemParametersInfoW',
'GetWindowPlacement',
'UpdateWindow',
'SendDlgItemMessageW',
'IsDlgButtonChecked',
'MoveWindow',
'SetDlgItemInt',
'GetDlgItemInt',
'SetClassLongW',
'GetNextDlgTabItem',
'MonitorFromWindow',
'GetMonitorInfoW',
'OffsetRect',
'EqualRect',
'MonitorFromRect',
'GetClassWord',
'EnumDesktopWindows',
'EnumDisplayMonitors',
'IntersectRect',
'CopyRect',
'CreateDialogParamW',
'GetProcessDefaultLayout',
'CreatePopupMenu',
'TrackPopupMenu',
'GetAncestor',
'FindWindowW',
'DialogBoxParamW',
'CheckMenuItem',
'GetSysColor',
'SetClassLongPtrW',
'GetClassLongPtrW',
'EndDialog',
'SetWindowPos',
'GetDlgItem',
'GetWindowRect',
'SendMessageW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'DrawMenuBar',
'SetMenuItemInfoW',
'AppendMenuW',
'LoadStringW',
'GetSubMenu',
'RemoveMenu',
'CheckMenuRadioItem',
'SetFocus',
'MapWindowPoints',
'EnableMenuItem',
'GetParent',
'GetMenu',
'GetClientRect',
'LoadImageW',
'UnregisterClassA',
'FillRect',
'SetWindowTextW',
'ShowWindow',
'CreateWindowExW',
'CheckRadioButton',
'DestroyWindow',
'UuidToStringW',
'RpcStringFreeW',
'UuidCreate',
'timeGetTime',
'VerQueryValueW',
'GetFileVersionInfoSizeExW',
'GetFileVersionInfoExW',
'CreatePatternBrush',
'DeleteObject',
'SetBkMode',
'SelectObject',
'GetTextExtentPointW',
'DeleteDC',
'GetRgnBox',
'CreateSolidBrush',
'GetTextMetricsW',
'GetTextExtentPoint32W',
'GetObjectW',
'ExtCreatePen',
'MoveToEx',
'LineTo',
'CreateCompatibleBitmap',
'CreateRectRgn',
'CreateRectRgnIndirect',
'SetRectRgn',
'CombineRgn',
'EqualRgn',
'CreateDIBSection',
'CreateFontIndirectW',
'CreateCompatibleDC',
'GetDeviceCaps',
'SetTextColor',
'GetStockObject',
'SetBkColor',
'_wcsdup',
'_i64tow_s',
'_wtoi64',
'sprintf_s',
'_strtoi64',
'_strtoui64',
'memchr',
'strcspn',
'wcsrchr',
'wcstoul',
'isalpha',
'time',
'difftime',
'memmove',
'memset',
'__C_specific_handler',
'??0exception@@QEAA@AEBQEBDH@Z',
'_CxxThrowException',
'_callnewh',
'__CxxFrameHandler3',
'setlocale',
'__pctype_func',
'___lc_codepage_func',
'___lc_handle_func',
'localeconv',
'_errno',
'___mb_cur_max_func',
'__mb_cur_max',
'__crtGetStringTypeW',
'__crtLCMapStringW',
'__uncaught_exception',
'tolower',
'isspace',
'abort',
'isalnum',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'_acmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'??1type_info@@UEAA@XZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'iswalpha',
'iswdigit',
'_wcslwr_s',
'_wcsnicmp',
'wcsncmp',
'_itow_s',
'calloc',
'wcschr',
'_wcsicmp',
'_itoa',
'_wtoi',
'_vsnwprintf',
'wcscat_s',
'wcscpy_s',
'wcstol',
'mbstowcs_s',
'exit',
'isdigit',
'isxdigit',
'toupper',
'_purecall',
'malloc',
'??0exception@@QEAA@XZ',
'memmove_s',
'??0exception@@QEAA@AEBQEBD@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'memcpy_s',
'??0exception@@QEAA@AEBV0@@Z',
'free',
'memcpy',
'_wcsrev'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 370,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {'.data\x00\x00\x00': 19968,
'.pdata\x00\x00': 26112,
'.rdata\x00\x00': 69632,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 403456,
'.text\x00\x00\x00': 396800},
'StackReserveSize': 524288,
'filename': './data/malware/3773a767edad25f74163507049902b7b0a8e3a8c57b052bab00256d05aeae306'},
'37a1a31a031414bbcbd7b7a7c16026f7af003b2c4b1786aa1bc0b93e86aff8d5': {'AddressOfEntryPoint': 5016,
'DebugRVA': 4480,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2845508,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2845696,
'.text\x00\x00\x00': 7680},
'StackReserveSize': 524288,
'filename': './data/malware/37a1a31a031414bbcbd7b7a7c16026f7af003b2c4b1786aa1bc0b93e86aff8d5'},
'3826ea17aad6bc70c25325cbc5084933add96972498d4a17d780ad5d33b0e165': {'AddressOfEntryPoint': 34908,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/3826ea17aad6bc70c25325cbc5084933add96972498d4a17d780ad5d33b0e165'},
'38307a004e8d5680b6ef191fcf2cce0d32a19d44fc4bfbc180b2869095783f80': {'AddressOfEntryPoint': 332451,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventWrite',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'SetBkColor',
'KERNEL32.dll': 'InitializeCriticalSection',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'DestroyWindow',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoExW',
'WINMM.dll': 'timeGetTime',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'msvcrt.dll': '_wcsrev',
'ntdll.dll': 'NtQueryLicenseValue',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['SHGetSpecialFolderPathW',
'SHGetFolderPathW',
'ShellAboutW',
'ShellExecuteExW',
'GdipCloneImage',
'GdipCreateBitmapFromScan0',
'GdipCreateHBITMAPFromBitmap',
'GdipCreateFromHDC',
'GdipDrawImageRectI',
'GdipCreateBitmapFromHBITMAP',
'GdipCloneBitmapAreaI',
'GdipSetPageUnit',
'GdipFillRectangleI',
'GdipDeletePen',
'GdipCreatePen1',
'GdipDisposeImage',
'GdipCreateSolidFill',
'GdipDeleteBrush',
'GdipAlloc',
'GdipFree',
'GdiplusShutdown',
'GdiplusStartup',
'GdipDrawArcI',
'GdipSetSmoothingMode',
'GdipSetInterpolationMode',
'GdipDeleteGraphics',
'GdipDrawLineI',
'GdipGetImageGraphicsContext',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegEnumValueW',
'RegGetValueW',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSetValueExW',
'QueryServiceConfigW',
'OpenServiceW',
'OpenSCManagerW',
'CloseServiceHandle',
'EventUnregister',
'EventRegister',
'RegCloseKey',
'RegCreateKeyExW',
'EventWrite',
'SysFreeString',
'SysAllocStringByteLen',
'VariantClear',
'SysStringLen',
'SysAllocString',
'VariantInit',
'IsThemeActive',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Add',
'CreatePropertySheetPageW',
'PropertySheetW',
'WinSqmAddToStreamEx',
'RtlInitUnicodeString',
'WinSqmAddToStream',
'WinSqmIncrementDWORD',
'NtQueryLicenseValue',
'lstrlenA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'WideCharToMultiByte',
'GetVersionExA',
'DeleteCriticalSection',
'GetCurrentProcessId',
'LeaveCriticalSection',
'GetModuleHandleW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'GetSystemTime',
'WaitForSingleObject',
'CreateEventW',
'CreateThread',
'ResetEvent',
'SetEvent',
'CloseHandle',
'GlobalSize',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrcmpW',
'MulDiv',
'GlobalFindAtomW',
'GetLastError',
'MultiByteToWideChar',
'GetLocalTime',
'GetDateFormatW',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'lstrcmpiW',
'LoadLibraryW',
'GetProcAddress',
'GetLocaleInfoEx',
'FreeLibrary',
'LoadLibraryExA',
'DelayLoadFailureHook',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GetProcessHeap',
'Wow64DisableWow64FsRedirection',
'GetVersionExW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'LocalFree',
'LocalAlloc',
'LocalReAlloc',
'GetProfileStringW',
'lstrlenW',
'CompareStringW',
'RegisterApplicationRecoveryCallback',
'ApplicationRecoveryInProgress',
'Sleep',
'ApplicationRecoveryFinished',
'RegisterApplicationRestart',
'GetTempFileNameW',
'SystemTimeToFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'CreateFileW',
'DeleteFileW',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'RaiseException',
'EnterCriticalSection',
'InitializeCriticalSection',
'SetWindowLongW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'EnableWindow',
'GetWindowTextLengthW',
'GetWindowTextW',
'PostMessageW',
'IsWindowEnabled',
'CharNextA',
'IsClipboardFormatAvailable',
'GetMenuState',
'GetFocus',
'OpenClipboard',
'GetClipboardData',
'InvalidateRect',
'CloseClipboard',
'EmptyClipboard',
'SetClipboardData',
'PostQuitMessage',
'DefWindowProcW',
'LoadAcceleratorsW',
'InsertMenuItemW',
'RegisterClassExW',
'SetWindowPlacement',
'SetForegroundWindow',
'GetMessageW',
'TranslateAcceleratorW',
'GetMessageExtraInfo',
'TranslateMessage',
'DispatchMessageW',
'GetKeyState',
'IsDialogMessageW',
'GetClassNameW',
'GetDC',
'ReleaseDC',
'GetSystemMetrics',
'GetWindowLongW',
'DrawTextW',
'EnumChildWindows',
'SetPropW',
'SystemParametersInfoW',
'GetWindowPlacement',
'UpdateWindow',
'SendDlgItemMessageW',
'IsDlgButtonChecked',
'MoveWindow',
'SetDlgItemInt',
'GetDlgItemInt',
'SetClassLongW',
'GetNextDlgTabItem',
'MonitorFromWindow',
'GetMonitorInfoW',
'OffsetRect',
'EqualRect',
'MonitorFromRect',
'GetClassWord',
'EnumDesktopWindows',
'EnumDisplayMonitors',
'IntersectRect',
'CopyRect',
'CreateDialogParamW',
'GetProcessDefaultLayout',
'CreatePopupMenu',
'TrackPopupMenu',
'GetAncestor',
'FindWindowW',
'DialogBoxParamW',
'CheckMenuItem',
'GetSysColor',
'SetClassLongPtrW',
'GetClassLongPtrW',
'EndDialog',
'SetWindowPos',
'GetDlgItem',
'GetWindowRect',
'SendMessageW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'DrawMenuBar',
'SetMenuItemInfoW',
'AppendMenuW',
'LoadStringW',
'GetSubMenu',
'RemoveMenu',
'CheckMenuRadioItem',
'SetFocus',
'MapWindowPoints',
'EnableMenuItem',
'GetParent',
'GetMenu',
'GetClientRect',
'LoadImageW',
'UnregisterClassA',
'FillRect',
'SetWindowTextW',
'ShowWindow',
'CreateWindowExW',
'CheckRadioButton',
'DestroyWindow',
'UuidToStringW',
'RpcStringFreeW',
'UuidCreate',
'timeGetTime',
'VerQueryValueW',
'GetFileVersionInfoSizeExW',
'GetFileVersionInfoExW',
'CreatePatternBrush',
'DeleteObject',
'SetBkMode',
'SelectObject',
'GetTextExtentPointW',
'DeleteDC',
'GetRgnBox',
'CreateSolidBrush',
'GetTextMetricsW',
'GetTextExtentPoint32W',
'GetObjectW',
'ExtCreatePen',
'MoveToEx',
'LineTo',
'CreateCompatibleBitmap',
'CreateRectRgn',
'CreateRectRgnIndirect',
'SetRectRgn',
'CombineRgn',
'EqualRgn',
'CreateDIBSection',
'CreateFontIndirectW',
'CreateCompatibleDC',
'GetDeviceCaps',
'SetTextColor',
'GetStockObject',
'SetBkColor',
'_wcsdup',
'_i64tow_s',
'_wtoi64',
'sprintf_s',
'_strtoi64',
'_strtoui64',
'memchr',
'strcspn',
'wcsrchr',
'wcstoul',
'isalpha',
'time',
'difftime',
'memmove',
'memset',
'__C_specific_handler',
'??0exception@@QEAA@AEBQEBDH@Z',
'_CxxThrowException',
'_callnewh',
'__CxxFrameHandler3',
'setlocale',
'__pctype_func',
'___lc_codepage_func',
'___lc_handle_func',
'localeconv',
'_errno',
'___mb_cur_max_func',
'__mb_cur_max',
'__crtGetStringTypeW',
'__crtLCMapStringW',
'__uncaught_exception',
'tolower',
'isspace',
'abort',
'isalnum',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'_acmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'??1type_info@@UEAA@XZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'iswalpha',
'iswdigit',
'_wcslwr_s',
'_wcsnicmp',
'wcsncmp',
'_itow_s',
'calloc',
'wcschr',
'_wcsicmp',
'_itoa',
'_wtoi',
'_vsnwprintf',
'wcscat_s',
'wcscpy_s',
'wcstol',
'mbstowcs_s',
'exit',
'isdigit',
'isxdigit',
'toupper',
'_purecall',
'malloc',
'??0exception@@QEAA@XZ',
'memmove_s',
'??0exception@@QEAA@AEBQEBD@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'memcpy_s',
'??0exception@@QEAA@AEBV0@@Z',
'free',
'memcpy',
'_wcsrev'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 370,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {'.data\x00\x00\x00': 19968,
'.pdata\x00\x00': 26112,
'.rdata\x00\x00': 69632,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 403456,
'.text\x00\x00\x00': 396800},
'StackReserveSize': 524288,
'filename': './data/malware/38307a004e8d5680b6ef191fcf2cce0d32a19d44fc4bfbc180b2869095783f80'},
'388c4d430259d15ce9d9fe6e8abb79351538d6e1f2d4327d8c6497c7c486645a': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/388c4d430259d15ce9d9fe6e8abb79351538d6e1f2d4327d8c6497c7c486645a'},
'38a08e1f3f72bb4dae5f65e9d968747389ed61bff9e4aac3c74b636d117bb9fa': {'AddressOfEntryPoint': 219616,
'DebugRVA': 230176,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 229376,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoCancelIrp',
'PoSetPowerState',
'IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoCreateSymbolicLink',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoReleaseRemoveLockEx',
'IoDetachDevice',
'wcsstr',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'IoRegisterPlugPlayNotification',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 96,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 16896,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 224256,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/38a08e1f3f72bb4dae5f65e9d968747389ed61bff9e4aac3c74b636d117bb9fa'},
'38c1eaf41dbf8251bedd53a58636c97372f818ebbe76b97ef427d72539d26be6': {'AddressOfEntryPoint': 35804,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'KERNEL32.dll': 'WideCharToMultiByte',
'PSAPI.DLL': 'EnumProcessModules',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['GetModuleBaseNameW',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'GetStringTypeW',
'GetModuleFileNameW',
'CreateFileW',
'GetLastError',
'Sleep',
'GetCurrentProcess',
'SetPriorityClass',
'CreateThread',
'SetThreadPriority',
'CloseHandle',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetExitCodeProcess',
'TerminateProcess',
'MultiByteToWideChar',
'LCMapStringW',
'OpenProcess',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'MessageBoxA',
'LookupPrivilegeValueW',
'OpenProcessToken',
'AdjustTokenPrivileges'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 75,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 59904},
'StackReserveSize': 1048576,
'filename': './data/malware/38c1eaf41dbf8251bedd53a58636c97372f818ebbe76b97ef427d72539d26be6'},
'38ff98c056b705492c12a757149563a42b12c43208ea92f9c308b2f187becb74': {'AddressOfEntryPoint': 125112,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 598016,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'LogonUserW',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetBkMode',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocDescriptorEx',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'DestroyWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'VerQueryValueW',
'WININET.dll': 'InternetReadFile',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['WSACleanup',
'ntohs',
'recvfrom',
'sendto',
'htons',
'ioctlsocket',
'listen',
'bind',
'WSAStartup',
'closesocket',
'connect',
'socket',
'send',
'WSAGetLastError',
'select',
'accept',
'__WSAFDIsSet',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetSetOptionW',
'InternetCloseHandle',
'InternetOpenUrlW',
'InternetConnectW',
'FtpOpenFileW',
'HttpQueryInfoW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpGetFileSize',
'InternetCrackUrlW',
'InternetOpenW',
'InternetReadFile',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'UnloadUserProfile',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'GetVersionExW',
'GetSystemInfo',
'GetModuleHandleW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'GetProcessHeap',
'CreatePipe',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleFileNameA',
'RtlUnwindEx',
'InitializeCriticalSectionAndSpinCount',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'FlushFileBuffers',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'LCMapStringA',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'GetStdHandle',
'SetEnvironmentVariableA',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'GetClipboardData',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'IsCharUpperW',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'GetDC',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'EndPaint',
'BeginPaint',
'GetMenu',
'GetClientRect',
'CopyRect',
'CharUpperBuffW',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'SendMessageTimeoutW',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'EnumChildWindows',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursor',
'WindowFromPoint',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'EnumThreadWindows',
'ReleaseDC',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'FindWindowW',
'CloseClipboard',
'DestroyWindow',
'RoundRect',
'DeleteObject',
'CreateCompatibleDC',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CreateDIBSection',
'SelectObject',
'BitBlt',
'GetDIBits',
'DeleteDC',
'CloseFigure',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'SetBkMode',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'SetSecurityDescriptorDacl',
'AddAce',
'GetAce',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'GetAclInformation',
'CopySid',
'GetTokenInformation',
'GetSecurityDescriptorDacl',
'LogonUserW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'SafeArrayAllocData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetVartype',
'OleLoadPicture',
'SysAllocString',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'VarR8FromDec',
'SafeArrayAllocDescriptorEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 506,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 120936,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 25600,
'.rdata\x00\x00': 86528,
'.rsrc\x00\x00\x00': 121344,
'.text\x00\x00\x00': 590848},
'StackReserveSize': 4194304,
'filename': './data/malware/38ff98c056b705492c12a757149563a42b12c43208ea92f9c308b2f187becb74'},
'393cd0a96ed1dd5f44d004affb65e95406ed4af63e23ccd0203bb017888351fe': {'AddressOfEntryPoint': 1073768413,
'DebugRVA': 4576,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 16777216,
'ImageVersion': 5,
'ImportedDLL': {'KERNEL32.dll': 'VirtualQuery',
'SETUPAPI.dll': 'SetupDiGetDeviceRegistryPropertyA'},
'ImportedFunctions': ['lstrlenA',
'LocalAlloc',
'LocalFree',
'GetLastError',
'GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'LoadLibraryA',
'Sleep',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'SetupDiEnumDeviceInfo',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceRegistryPropertyA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 48,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 976,
'StackReserveSize': 262144,
'filename': './data/malware/393cd0a96ed1dd5f44d004affb65e95406ed4af63e23ccd0203bb017888351fe'},
'393d6000d170cd5726668b00a0e99430dd390b0ca09da0360d17e6ef2af69228': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1315352,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1315840,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/393d6000d170cd5726668b00a0e99430dd390b0ca09da0360d17e6ef2af69228'},
'39641f1c43c6eed90d045a9d660baea68ac990c4c3522662a0d36b225c6da3d5': {'AddressOfEntryPoint': 8760,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 58400,
'ExportSize': 85,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'StartServiceCtrlDispatcherA',
'KERNEL32.dll': 'FlushFileBuffers'},
'ImportedFunctions': ['GetExitCodeThread',
'WaitForSingleObject',
'CreateRemoteThread',
'VirtualFreeEx',
'VirtualAllocEx',
'OpenProcess',
'GetModuleFileNameA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetCurrentProcess',
'GetLastError',
'WriteProcessMemory',
'CloseHandle',
'GetCommandLineA',
'HeapAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'HeapSize',
'LeaveCriticalSection',
'EnterCriticalSection',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'MultiByteToWideChar',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'CreateFileA',
'FlushFileBuffers',
'RegisterServiceCtrlHandlerA',
'OpenProcessToken',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'SetServiceStatus',
'StartServiceCtrlDispatcherA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 85,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 5632,
'.pdata\x00\x00': 2560,
'.rdata\x00\x00': 13824,
'.text\x00\x00\x00': 37376},
'StackReserveSize': 1048576,
'filename': './data/malware/39641f1c43c6eed90d045a9d660baea68ac990c4c3522662a0d36b225c6da3d5'},
'39c19e7de1c6430e66e1f3f8f3f62c971d4c49a62b5928b20fcaccffe55e7663': {'AddressOfEntryPoint': 84396,
'DebugRVA': 103552,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 102400,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'ConvertStringSecurityDescriptorToSecurityDescriptorA',
'KERNEL32.dll': 'GetCommandLineA',
'MSVCP90.dll': '?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'MSVCR90.dll': 'memcpy',
'SHELL32.dll': 'SHGetFileInfoW',
'USER32.dll': 'GetMessageA'},
'ImportedFunctions': ['WriteFile',
'OpenProcess',
'CreateEventA',
'ReadFile',
'GetOverlappedResult',
'DisconnectNamedPipe',
'FlushFileBuffers',
'GetLastError',
'CreateNamedPipeA',
'ResetEvent',
'ConnectNamedPipe',
'WaitForMultipleObjects',
'CloseHandle',
'LocalFree',
'FreeLibrary',
'WideCharToMultiByte',
'CreateFileW',
'GetProcAddress',
'LoadLibraryA',
'GetCurrentProcessId',
'PeekNamedPipe',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetStartupInfoW',
'GetCurrentThread',
'GetCurrentProcess',
'GetVersionExA',
'CreateSemaphoreA',
'TlsAlloc',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TlsSetValue',
'LocalAlloc',
'TlsGetValue',
'EnterCriticalSection',
'TlsFree',
'DeleteCriticalSection',
'MultiByteToWideChar',
'ReleaseSemaphore',
'CreateSemaphoreW',
'WaitForSingleObject',
'Sleep',
'SwitchToThread',
'CreateThread',
'GetCommandLineA',
'TranslateMessage',
'DispatchMessageA',
'GetMessageA',
'SHGetFileInfoW',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z',
'??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ',
'?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z',
'?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'_lock',
'_onexit',
'_decode_pointer',
'_amsg_exit',
'__wgetmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_encode_pointer',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'strtok_s',
'_wsplitpath_s',
'malloc',
'free',
'??2@YAPEAX_K@Z',
'_purecall',
'??_V@YAXPEAX@Z',
'_invalid_parameter_noinfo',
'??0exception@std@@QEAA@AEBV01@@Z',
'??0exception@std@@QEAA@AEBQEBD@Z',
'??0exception@std@@QEAA@XZ',
'??1exception@std@@UEAA@XZ',
'?what@exception@std@@UEBAPEBDXZ',
'??3@YAXPEAX@Z',
'__dllonexit',
'_unlock',
'__C_specific_handler',
'swscanf_s',
'_vsnwprintf_s',
'_wcslwr_s',
'memset',
'memcmp',
'strlen',
'wcslen',
'_strdup',
'_CxxThrowException',
'__CxxFrameHandler3',
'wcscpy_s',
'wcscat_s',
'wcstok_s',
'memcpy',
'ConvertSidToStringSidA',
'GetTokenInformation',
'OpenProcessToken',
'OpenThreadToken',
'ConvertStringSecurityDescriptorToSecurityDescriptorA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 129,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 688,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 30208,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 94720},
'StackReserveSize': 1048576,
'filename': './data/malware/39c19e7de1c6430e66e1f3f8f3f62c971d4c49a62b5928b20fcaccffe55e7663'},
'3a1a39852786a3210972f4f3f3dfda8ec10e3bdf0a2e88dc412be4c06378b483': {'AddressOfEntryPoint': 4196,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'ExitProcess'},
'ImportedFunctions': ['VirtualAlloc',
'ExitProcess'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 2,
'NumberOfSections': 2,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.rdata\x00\x00': 512,
'.text\x00\x00\x00': 4608},
'StackReserveSize': 1048576,
'filename': './data/malware/3a1a39852786a3210972f4f3f3dfda8ec10e3bdf0a2e88dc412be4c06378b483'},
'3a26abded2c4305dd780912d5db949dfcbfdbb41f7908478a97b625d304821aa': {'AddressOfEntryPoint': 35436,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'KERNEL32.dll': 'WideCharToMultiByte',
'PSAPI.DLL': 'EnumProcessModules',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['GetModuleBaseNameW',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'GetStringTypeW',
'GetCurrentProcess',
'SetPriorityClass',
'CreateThread',
'SetThreadPriority',
'Sleep',
'OpenProcess',
'CloseHandle',
'GetModuleFileNameW',
'GetLongPathNameW',
'CreateProcessW',
'GetLastError',
'GetExitCodeProcess',
'TerminateProcess',
'MultiByteToWideChar',
'LCMapStringW',
'lstrcpyW',
'FlsGetValue',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'RtlUnwindEx',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'MessageBoxA',
'LookupPrivilegeValueW',
'OpenProcessToken',
'AdjustTokenPrivileges'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 59392},
'StackReserveSize': 1048576,
'filename': './data/malware/3a26abded2c4305dd780912d5db949dfcbfdbb41f7908478a97b625d304821aa'},
'3a384d62d08835e3e0746848d9ca89a4ca393fc115d0c11e4a5003c1c2585284': {'AddressOfEntryPoint': 250944,
'DebugRVA': 262944,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 262144,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '_purecall'},
'ImportedFunctions': ['ObfDereferenceObject',
'IoGetDeviceObjectPointer',
'RtlInitUnicodeString',
'IoStartNextPacket',
'PoUnregisterSystemState',
'PoRegisterSystemState',
'IoReleaseRemoveLockEx',
'IofCompleteRequest',
'PoStartNextPowerIrp',
'IoAcquireRemoveLockEx',
'IofCallDriver',
'IoReleaseRemoveLockAndWaitEx',
'PoSetPowerState',
'PoCallDriver',
'IoCancelIrp',
'IoReleaseCancelSpinLock',
'IoFreeIrp',
'IoRegisterShutdownNotification',
'RtlQueryRegistryValues',
'RtlCreateRegistryKey',
'RtlCheckRegistryKey',
'KeInitializeEvent',
'KeInitializeMutex',
'KeReleaseMutex',
'KeReleaseSpinLock',
'KeClearEvent',
'KeAcquireSpinLockRaiseToDpc',
'KeWaitForSingleObject',
'KeSetEvent',
'IoBuildSynchronousFsdRequest',
'IoInitializeIrp',
'IoFreeWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoAllocateWorkItem',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ObReferenceObjectByHandle',
'ExEventObjectType',
'IoDetachDevice',
'IoAttachDeviceToDeviceStack',
'wcsstr',
'IoRegisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'KeSynchronizeExecution',
'KeInitializeDpc',
'KeInsertQueueDpc',
'ExFreePoolWithTag',
'__C_specific_handler',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'PoRequestPowerIrp',
'swprintf',
'ZwCreateSection',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'IoCreateNotificationEvent',
'ExQueueWorkItem',
'KeSetTimer',
'KeCancelTimer',
'KeInitializeTimer',
'KeSetTimerEx',
'KeDelayExecutionThread',
'IoBuildDeviceIoControlRequest',
'RtlCopyUnicodeString',
'ExAllocatePoolWithTag',
'RtlIntegerToUnicodeString',
'RtlFreeUnicodeString',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlAppendUnicodeStringToString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCreateDevice',
'RtlWriteRegistryValue',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'sprintf',
'KeQueryTimeIncrement',
'IoUnregisterPlugPlayNotification',
'_purecall',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 95,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 928,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 13824,
'.rdata\x00\x00': 33792,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 254976,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/3a384d62d08835e3e0746848d9ca89a4ca393fc115d0c11e4a5003c1c2585284'},
'3a48814c69b47661371a4ae184640c4dcc3db94cad3715b99db9325c85d5d5d7': {'AddressOfEntryPoint': 51316,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 184896,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.lon\x00\x00\x12\x00': 512,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 185344,
'.text\x00\x00\x00': 54784},
'StackReserveSize': 524288,
'filename': './data/malware/3a48814c69b47661371a4ae184640c4dcc3db94cad3715b99db9325c85d5d5d7'},
'3aec694d72efb396b6c3c857153455a714afa89f4edb5536219e0dc8a74f531a': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 9636,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 9728,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/3aec694d72efb396b6c3c857153455a714afa89f4edb5536219e0dc8a74f531a'},
'3b38878bec77b98c79bdb1b209084ea27f708a33f2933d945cfe1ba1d8f30673': {'AddressOfEntryPoint': 33652,
'DebugRVA': 20944,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltCancelFileOpen',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoAttachDeviceToDeviceStackSafe',
'ZwReadFile',
'RtlCompareUnicodeString',
'RtlInitUnicodeString',
'ZwClose',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'KeBugCheckEx',
'ExInitializeNPagedLookasideList',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateWorkItem',
'ExFreePoolWithTag',
'ExAllocatePool',
'IoRegisterFsRegistrationChange',
'ExDeleteNPagedLookasideList',
'ExAllocatePoolWithTag',
'IoThreadToProcess',
'PsGetProcessId',
'IoUnregisterFsRegistrationChange',
'IoDetachDevice',
'ExQueueWorkItem',
'ZwWriteFile',
'KeReleaseSpinLock',
'IoQueueWorkItem',
'IoCreateDevice',
'ObfDereferenceObject',
'ZwQueryInformationProcess',
'IoFreeWorkItem',
'ZwOpenProcess',
'IoDeleteDevice',
'__C_specific_handler',
'FltClose',
'FltAttachVolume',
'FltCreateFile',
'FltGetVolumeFromName',
'FltSendMessage',
'FltFreeSecurityDescriptor',
'FltStartFiltering',
'FltGetVolumeFromDeviceObject',
'FltReleaseFileNameInformation',
'FltRegisterFilter',
'FltGetDeviceObject',
'FltObjectDereference',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCreateCommunicationPort',
'FltCloseCommunicationPort',
'FltEnumerateVolumes',
'FltUnregisterFilter',
'FltCloseClientPort',
'FltGetBottomInstance',
'FltGetFileNameInformation',
'FltCancelFileOpen'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 14336,
'INIT\x00\x00\x00\x00': 3072},
'StackReserveSize': 262144,
'filename': './data/malware/3b38878bec77b98c79bdb1b209084ea27f708a33f2933d945cfe1ba1d8f30673'},
'3be7b1d360376dc9228cae463338d3ac305996d057125e379ea1ca42cbff8d76': {'AddressOfEntryPoint': 163392,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 335872,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryInfoKeyA',
'KERNEL32.dll': 'GetEnvironmentStringsW',
'OLEAUT32.dll': 'VariantClear',
'USER32.dll': 'PostThreadMessageA',
'ole32.dll': 'CoRevokeClassObject'},
'ImportedFunctions': ['SetEvent',
'CloseHandle',
'CreateThread',
'CreateEventA',
'GetModuleFileNameA',
'GetModuleHandleW',
'IsDBCSLeadByte',
'FreeLibrary',
'SizeofResource',
'LoadResource',
'lstrcmpiA',
'LoadLibraryExA',
'Sleep',
'GetCurrentThreadId',
'GetCommandLineA',
'lstrlenA',
'GetModuleHandleA',
'GetProcAddress',
'CreateFileA',
'ReadFile',
'GetLastError',
'DeleteCriticalSection',
'InitializeCriticalSection',
'RaiseException',
'lstrlenW',
'WideCharToMultiByte',
'MultiByteToWideChar',
'CreateMutexA',
'WaitForSingleObject',
'FindResourceA',
'ReleaseMutex',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'SetFilePointer',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'InitializeCriticalSectionAndSpinCount',
'GetConsoleMode',
'GetConsoleCP',
'FlushFileBuffers',
'LoadLibraryA',
'SetHandleCount',
'OpenEventA',
'OutputDebugStringA',
'OutputDebugStringW',
'GetCurrentProcessId',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetModuleFileNameW',
'VirtualAlloc',
'UnmapViewOfFile',
'GetSystemInfo',
'MapViewOfFile',
'CreateFileMappingA',
'GetCurrentThread',
'HeapFree',
'GetProcessHeap',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'RtlUnwindEx',
'VirtualProtect',
'VirtualQuery',
'HeapSize',
'HeapValidate',
'IsBadReadPtr',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsAlloc',
'FlsFree',
'SetLastError',
'LCMapStringA',
'LCMapStringW',
'DebugBreak',
'GetStdHandle',
'WriteFile',
'WriteConsoleW',
'GetFileType',
'ExitProcess',
'LoadLibraryW',
'HeapAlloc',
'HeapSetInformation',
'HeapCreate',
'HeapReAlloc',
'HeapQueryInformation',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'wsprintfA',
'CharNextA',
'CharNextW',
'GetMessageA',
'DispatchMessageA',
'UnregisterClassA',
'PostThreadMessageA',
'RegSetValueExA',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegDeleteKeyA',
'RegEnumKeyExA',
'RegOpenKeyA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'SetThreadToken',
'RevertToSelf',
'OpenThreadToken',
'RegQueryInfoKeyA',
'CoRegisterClassObject',
'CoCreateInstance',
'CoTaskMemAlloc',
'CoTaskMemRealloc',
'CoTaskMemFree',
'StringFromGUID2',
'CoUninitialize',
'CoInitialize',
'CoRevokeClassObject',
'VarUI4FromStr',
'RegisterTypeLib',
'UnRegisterTypeLib',
'LoadTypeLib',
'SysAllocString',
'SysStringLen',
'SysStringByteLen',
'SysAllocStringByteLen',
'SysFreeString',
'VariantClear'],
'LinkerVersion': 9,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 146,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 41416,
'SectionNames': {'.data\x00\x00\x00': 13312,
'.pdata\x00\x00': 17408,
'.rdata\x00\x00': 100864,
'.rsrc\x00\x00\x00': 41472,
'.text\x00\x00\x00': 330240},
'StackReserveSize': 1048576,
'filename': './data/malware/3be7b1d360376dc9228cae463338d3ac305996d057125e379ea1ca42cbff8d76'},
'3be8a8db322b71e851ae241b124c4dfbdd76324b90b5c095a80bd310c65cc1a7': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 929196,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 929280,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/3be8a8db322b71e851ae241b124c4dfbdd76324b90b5c095a80bd310c65cc1a7'},
'3c1ffaf975a7aa8380f6fc111ba26476eed90008946d5de788cd50ec7a6b66aa': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 233200,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 233472,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/3c1ffaf975a7aa8380f6fc111ba26476eed90008946d5de788cd50ec7a6b66aa'},
'3c212affc4e21d5ebd1e4376aca98577cd44f9436e7ec3abbea5f14edb5aab1a': {'AddressOfEntryPoint': 135772,
'DebugRVA': 28440,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NDIS.SYS': 'NdisUnchainBufferAtFront',
'NETIO.SYS': 'RtlCopyMdlToBuffer',
'ntoskrnl.exe': 'KeAcquireSpinLockRaiseToDpc'},
'ImportedFunctions': ['KeBugCheckEx',
'ZwClose',
'ZwQueryValueKey',
'ZwOpenKey',
'KeReleaseSpinLockFromDpcLevel',
'KeAcquireSpinLockAtDpcLevel',
'ExpInterlockedPopEntrySList',
'ExDeleteNPagedLookasideList',
'IoFreeMdl',
'ExInitializeNPagedLookasideList',
'IoWMIRegistrationControl',
'RtlCompareMemory',
'MmGetSystemRoutineAddress',
'ExFreePoolWithTag',
'IoWMIWriteEvent',
'KeSetEvent',
'KeInitializeEvent',
'KeWaitForSingleObject',
'IoReuseIrp',
'KeResetEvent',
'IoFreeIrp',
'IoAllocateIrp',
'ExAllocatePoolWithTag',
'RtlInitUnicodeString',
'RtlIpv4AddressToStringA',
'RtlIpv6AddressToStringA',
'RtlIpv6StringToAddressA',
'ExQueryDepthSList',
'ExpInterlockedPushEntrySList',
'MmLockPagableDataSection',
'KeReleaseSpinLock',
'KeAcquireSpinLockRaiseToDpc',
'NdisMRegisterMiniport',
'NdisAllocatePacketPool',
'NdisFreePacketPool',
'NdisAllocatePacket',
'NdisFreePacket',
'NdisAllocateBuffer',
'NdisFreeBufferPool',
'NdisAllocateBufferPool',
'NdisMSleep',
'NdisMCmRegisterAddressFamily',
'NdisMSetAttributesEx',
'NdisTerminateWrapper',
'NdisMRegisterUnloadHandler',
'NdisScheduleWorkItem',
'NdisMCoIndicateStatus',
'NdisSetTimer',
'NdisCancelTimer',
'NdisInitializeTimer',
'NdisMCoSendComplete',
'NdisMCoReceiveComplete',
'NdisMCoIndicateReceivePacket',
'NdisCopyBuffer',
'NdisCloseConfiguration',
'NdisReadConfiguration',
'NdisOpenConfiguration',
'NdisCmRegisterSapComplete',
'NdisCmDeregisterSapComplete',
'NdisAllocateMemoryWithTag',
'NdisFreeMemory',
'NdisCmMakeCallComplete',
'NdisCmCloseCallComplete',
'NdisMCmDeactivateVc',
'NdisCmDispatchCallConnected',
'NdisCmDispatchIncomingCloseCall',
'NdisMCmActivateVc',
'NdisCmCloseAddressFamilyComplete',
'NdisMCmDeleteVc',
'NdisMCmCreateVc',
'NdisCmDispatchIncomingCall',
'NdisInitializeWrapper',
'NdisUnchainBufferAtFront',
'NmrWaitForClientDeregisterComplete',
'NmrClientAttachProvider',
'NmrRegisterClient',
'RtlCopyMdlToBuffer'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 77,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 1056,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 8192,
'.rdata\x00\x00': 12288,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 24576,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 8704,
'PAGEL2TP': 59904,
'PAGEWsk\x00': 8192},
'StackReserveSize': 262144,
'filename': './data/malware/3c212affc4e21d5ebd1e4376aca98577cd44f9436e7ec3abbea5f14edb5aab1a'},
'3c2584a26896f9e70ae767222fe0b2d23d9971cd7869d054ad3e4b705385674f': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 367460,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 367616,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/3c2584a26896f9e70ae767222fe0b2d23d9971cd7869d054ad3e4b705385674f'},
'3c2a40f64aae9c3185cd852d8113c1bde8142852f115304bcfbdb2b8d753ef3f': {'AddressOfEntryPoint': 33032,
'DebugRVA': 4160,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 54752,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'GetTempFileNameA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_commode'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'CreateFileA',
'FindResourceA',
'SetFilePointer',
'GlobalAlloc',
'ExpandEnvironmentStringsA',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'CreateProcessA',
'ReadFile',
'SetCurrentDirectoryA',
'_llseek',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'FreeResource',
'GetWindowsDirectoryA',
'lstrcmpA',
'_lclose',
'GlobalLock',
'GetCurrentProcess',
'LoadResource',
'FreeLibrary',
'GetStartupInfoW',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'TerminateProcess',
'OutputDebugStringA',
'QueryPerformanceCounter',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetSystemTimeAsFileTime',
'GetTickCount',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'GetTempFileNameA',
'GetDeviceCaps',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'GetDC',
'MessageBoxA',
'PeekMessageA',
'ReleaseDC',
'GetDlgItem',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'SendMessageA',
'GetSystemMetrics',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'__C_specific_handler',
'_initterm',
'__setusermatherr',
'_ismbblead',
'_cexit',
'memset',
'memcpy',
'_exit',
'exit',
'__set_app_type',
'__getmainargs',
'_amsg_exit',
'_XcptFilter',
'_errno',
'_vsnprintf',
'_commode',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 152,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 121724,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.idata\x00\x00': 5632,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 121856,
'.text\x00\x00\x00': 32768},
'StackReserveSize': 524288,
'filename': './data/malware/3c2a40f64aae9c3185cd852d8113c1bde8142852f115304bcfbdb2b8d753ef3f'},
'3c2f3f730ba452ff1cfef86d0ccbc09c411fb45eaee7861ba5fc66b880fe1c3a': {'AddressOfEntryPoint': 180536,
'DebugRVA': 756104,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 757760,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'OpenThreadToken',
'GDI32.dll': 'ExtTextOutW',
'KERNEL32.dll': 'CloseHandle',
'OLEAUT32.dll': 'SysFreeString',
'POWRPROF.dll': 'GetPwrCapabilities',
'PROPSYS.dll': 'PropVariantToStringAlloc',
'RPCRT4.dll': 'RpcBindingFromStringBindingW',
'SHELL32.dll': 'SHCreateItemFromParsingName',
'SHLWAPI.dll': 'PathFindExtensionW',
'Secur32.dll': 'GetUserNameExW',
'USER32.dll': 'GetClassNameW',
'UxTheme.dll': 'IsThemeActive',
'dwmapi.dll': 'DwmUnregisterThumbnail',
'gdiplus.dll': 'GdipSetCompositingMode',
'msvcrt.dll': 'sin',
'ntdll.dll': 'NtQueryInformationProcess',
'ole32.dll': 'CoCreateFreeThreadedMarshaler',
'slc.dll': 'SLGetWindowsInformationDWORD'},
'ImportedFunctions': ['RegCreateKeyW',
'RegCloseKey',
'RegOpenKeyExW',
'RegGetValueW',
'EventWrite',
'EventEnabled',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'RegQueryValueExW',
'GetLengthSid',
'GetTokenInformation',
'OpenProcessToken',
'RegCreateKeyExW',
'RegSetValueExW',
'EventRegister',
'EventUnregister',
'TraceMessage',
'RegOpenKeyW',
'RegDeleteValueW',
'RegQueryInfoKeyW',
'RegEnumValueW',
'LsaOpenPolicy',
'GetSidSubAuthorityCount',
'LsaClose',
'IsValidSid',
'LsaFreeMemory',
'StartTraceW',
'EnableTraceEx',
'StopTraceW',
'CryptAcquireContextW',
'CryptCreateHash',
'CryptHashData',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptReleaseContext',
'StartServiceW',
'CreateWellKnownSid',
'RegEnumKeyExW',
'GetSidSubAuthority',
'LsaLookupSids',
'ConvertSidToStringSidW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'CheckTokenMembership',
'QueryServiceStatus',
'OpenSCManagerW',
'OpenServiceW',
'CloseServiceHandle',
'ConvertStringSidToSidW',
'OpenThreadToken',
'DelayLoadFailureHook',
'LoadLibraryExA',
'ReadFile',
'GetFileSize',
'CreateFileW',
'FlushInstructionCache',
'RaiseException',
'SetLastError',
'OpenThread',
'GetSystemTimeAsFileTime',
'GetLocaleInfoW',
'GetDateFormatW',
'GetTimeFormatW',
'GetLocalTime',
'MultiByteToWideChar',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetModuleHandleW',
'OpenEventW',
'InterlockedPopEntrySList',
'FindClose',
'FindNextFileW',
'GetLongPathNameW',
'SetProcessShutdownParameters',
'GetStartupInfoW',
'ReleaseMutex',
'CreateMutexW',
'InitializeCriticalSection',
'DeleteCriticalSection',
'VirtualAlloc',
'InterlockedPushEntrySList',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'TerminateProcess',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'VirtualFree',
'lstrcmpiW',
'CompareStringOrdinal',
'FindFirstFileW',
'SetErrorMode',
'CreateEventW',
'GetSystemDirectoryW',
'GetVersionExW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetUserDefaultUILanguage',
'WaitForSingleObject',
'SetTermsrvAppInstallMode',
'GetFileAttributesW',
'RegisterApplicationRestart',
'GlobalGetAtomNameW',
'ExpandEnvironmentStringsW',
'SystemTimeToFileTime',
'GetSystemTime',
'MulDiv',
'GetTickCount64',
'GetThreadPriority',
'LeaveCriticalSection',
'EnterCriticalSection',
'SetEvent',
'GetCurrentThread',
'SetThreadPriority',
'GetTickCount',
'GetUserDefaultLangID',
'ExitProcess',
'HeapDestroy',
'UnmapViewOfFile',
'MapViewOfFile',
'SearchPathW',
'GetDynamicTimeZoneInformation',
'GetTimeZoneInformation',
'GetBinaryTypeW',
'QueryPerformanceFrequency',
'QueueUserWorkItem',
'LoadLibraryExW',
'GetProductInfo',
'TerminateThread',
'CreateIoCompletionPort',
'GetQueuedCompletionStatus',
'LoadLibraryA',
'DeleteFileW',
'GetProcessId',
'GetModuleHandleA',
'GetWindowsDirectoryW',
'CompareStringW',
'lstrcmpA',
'CompareFileTime',
'QueryFullProcessImageNameW',
'CreateFileMappingW',
'ResetEvent',
'WideCharToMultiByte',
'GlobalFree',
'DuplicateHandle',
'GetCurrentDirectoryW',
'WaitForMultipleObjects',
'GetComputerNameW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrlenA',
'DeactivateActCtx',
'ActivateActCtx',
'ReleaseActCtx',
'CreateActCtxW',
'LockResource',
'LoadResource',
'FindResourceExW',
'HeapAlloc',
'HeapFree',
'GetProcessHeap',
'GetCurrentProcess',
'GetCommandLineW',
'GetPrivateProfileStringW',
'GetModuleFileNameW',
'CreateProcessW',
'lstrlenW',
'OpenProcess',
'LocalFree',
'LocalAlloc',
'QueryInformationJobObject',
'Sleep',
'CreateThread',
'SetPriorityClass',
'GetPriorityClass',
'ResumeThread',
'AssignProcessToJobObject',
'SetInformationJobObject',
'GetLastError',
'CreateJobObjectW',
'CloseHandle',
'LPtoDP',
'GetRgnBox',
'OffsetViewportOrgEx',
'GetStockObject',
'GdiFlush',
'CombineRgn',
'OffsetRgn',
'SetLayout',
'SetWindowOrgEx',
'StretchBlt',
'GetTextExtentPoint32W',
'CreatePen',
'Polyline',
'GetRegionData',
'GetTextColor',
'GetLayout',
'GetTextMetricsW',
'ExtCreateRegion',
'SetDIBits',
'SelectClipRgn',
'SetViewportOrgEx',
'GetViewportOrgEx',
'IntersectClipRect',
'GetClipRgn',
'CreateRectRgn',
'GetBkColor',
'PatBlt',
'CreateBitmap',
'SetBkMode',
'SetTextColor',
'SetBkColor',
'OffsetWindowOrgEx',
'CreateCompatibleBitmap',
'GetTextExtentPointW',
'GetClipBox',
'GetObjectW',
'GdiAlphaBlend',
'BitBlt',
'GetDeviceCaps',
'CreateFontIndirectW',
'CreateRectRgnIndirect',
'CreateCompatibleDC',
'CreateDIBSection',
'SelectObject',
'DeleteObject',
'DeleteDC',
'ExtTextOutW',
'CopyRect',
'SetRect',
'CreateWindowExW',
'DialogBoxParamW',
'GetClassInfoW',
'GetClassInfoExW',
'GetMenuItemInfoW',
'GetMenuItemCount',
'DefWindowProcW',
'ActivateKeyboardLayout',
'GetCursorPos',
'InsertMenuW',
'GetMenuStringW',
'SetMenuItemInfoW',
'InsertMenuItemW',
'IsChild',
'IsWinEventHookInstalled',
'IsProcessDPIAware',
'IsRectEmpty',
'UnionRect',
'GetClassLongW',
'SetClassLongW',
'GetGUIThreadInfo',
'GetDlgCtrlID',
'GetNextDlgGroupItem',
'GetNextDlgTabItem',
'MoveWindow',
'ChildWindowFromPointEx',
'GetWindowDC',
'CharUpperW',
'UnregisterClassW',
'FrameRect',
'WindowFromDC',
'SendMessageCallbackW',
'UpdateLayeredWindow',
'GetUserObjectInformationW',
'GetProcessWindowStation',
'GetThreadDesktop',
'ShowWindowAsync',
'BringWindowToTop',
'GetClassLongPtrW',
'GetIconInfo',
'RegisterShellHookWindow',
'DeregisterShellHookWindow',
'FlashWindowEx',
'SetThreadDesktop',
'EndTask',
'OpenInputDesktop',
'CloseDesktop',
'GetMenuState',
'IsZoomed',
'SetScrollInfo',
'GetScrollInfo',
'SetScrollPos',
'InternalGetWindowText',
'GetWindowInfo',
'GetCaretBlinkTime',
'SetLayeredWindowAttributes',
'GetLayeredWindowAttributes',
'GetUpdateRect',
'SetWindowsHookExW',
'UnhookWindowsHookEx',
'CallNextHookEx',
'SetFocus',
'GetAncestor',
'ReleaseCapture',
'GetDoubleClickTime',
'RegisterWindowMessageW',
'SetWindowTextW',
'SetWindowPlacement',
'SetRectEmpty',
'EnumDisplayMonitors',
'InflateRect',
'EqualRect',
'UpdateWindow',
'GetMonitorInfoW',
'MonitorFromPoint',
'MonitorFromRect',
'CharPrevW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'CreatePopupMenu',
'GetMenuDefaultItem',
'SendNotifyMessageW',
'LockSetForegroundWindow',
'ChangeWindowMessageFilterEx',
'IntersectRect',
'MonitorFromWindow',
'IsWindowVisible',
'GetForegroundWindow',
'EnumWindows',
'GetParent',
'IsWindow',
'TranslateAcceleratorW',
'WaitMessage',
'GetWindowTextW',
'GetClientRect',
'TrackPopupMenuEx',
'SetActiveWindow',
'GetKeyState',
'GhostWindowFromHungWindow',
'RegisterClassW',
'LoadCursorW',
'SubtractRect',
'RedrawWindow',
'BeginDeferWindowPos',
'DeferWindowPos',
'EndDeferWindowPos',
'InvalidateRect',
'OffsetRect',
'SendMessageTimeoutW',
'SetWindowRgn',
'UpdateLayeredWindowIndirect',
'GetWindowRgnBox',
'LoadImageW',
'GetWindowPlacement',
'SetForegroundWindow',
'GetLastInputInfo',
'RemovePropW',
'GetLastActivePopup',
'SwitchToThisWindow',
'MessageBeep',
'GetActiveWindow',
'GetFocus',
'SetCursor',
'UnregisterHotKey',
'RegisterHotKey',
'SendDlgItemMessageW',
'EndDialog',
'GetDesktopWindow',
'GetAsyncKeyState',
'ChildWindowFromPoint',
'SetCursorPos',
'GetMessagePos',
'BeginPaint',
'FillRect',
'DrawEdge',
'EndPaint',
'GetSystemMenu',
'EnableMenuItem',
'ExitWindowsEx',
'LoadIconW',
'DestroyIcon',
'IsIconic',
'DeleteMenu',
'CheckMenuItem',
'ModifyMenuW',
'WindowFromPoint',
'ClientToScreen',
'TrackPopupMenu',
'IsHungAppWindow',
'GetWindowThreadProcessId',
'AppendMenuW',
'CascadeWindows',
'TileWindows',
'LockWorkStation',
'ScreenToClient',
'RegisterClipboardFormatW',
'NotifyWinEvent',
'GetSysColor',
'DrawFocusRect',
'AdjustWindowRectEx',
'CopyIcon',
'MsgWaitForMultipleObjects',
'SetWinEventHook',
'RegisterClassExW',
'GetDlgItem',
'EnableWindow',
'GetDlgItemInt',
'SetDlgItemInt',
'IsDlgButtonChecked',
'IsWindowEnabled',
'CheckDlgButton',
'CallWindowProcW',
'SetCapture',
'DrawTextW',
'AdjustWindowRect',
'CalculatePopupWindowPosition',
'GetMessageExtraInfo',
'GetCapture',
'SetGestureConfig',
'DrawIconEx',
'RemoveMenu',
'SetMenuDefaultItem',
'LoadMenuW',
'GetSubMenu',
'AllowSetForegroundWindow',
'LoadAcceleratorsW',
'TrackMouseEvent',
'CharNextW',
'GetWindow',
'GetSysColorBrush',
'GetPropW',
'HungWindowFromGhostWindow',
'SetWindowCompositionAttribute',
'GetWindowLongW',
'MsgWaitForMultipleObjectsEx',
'EnumChildWindows',
'SendMessageW',
'PtInRect',
'GetKeyboardLayout',
'GetWindowRect',
'DestroyMenu',
'SystemParametersInfoW',
'ShowWindow',
'MapWindowPoints',
'SetTimer',
'SetPropW',
'KillTimer',
'SetWindowPos',
'GetWindowLongPtrW',
'PostQuitMessage',
'SetWindowLongPtrW',
'DestroyWindow',
'ShutdownBlockReasonCreate',
'LoadStringW',
'PostMessageW',
'PeekMessageW',
'ReleaseDC',
'GetDC',
'FindWindowW',
'GetSystemMetrics',
'GetShellWindow',
'GetClassNameW',
'_vsnwprintf',
'free',
'wcsstr',
'iswalpha',
'wcschr',
'realloc',
'_wcsicmp',
'cosf',
'_wtoi',
'memcmp',
'sqrt',
'ceil',
'bsearch',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'?terminate@@YAXXZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'memmove',
'memcpy',
'memset',
'_fmode',
'malloc',
'sin',
'WinSqmSetString',
'WinSqmSetDWORD',
'WinSqmAddToStreamEx',
'NtSetSystemInformation',
'WinSqmAddToStream',
'WinSqmEventEnabled',
'WinSqmIsOptedIn',
'NtSetInformationProcess',
'NtQueryInformationToken',
'NtOpenProcessToken',
'NtClose',
'NtOpenThreadToken',
'RtlGetProductInfo',
'EtwEventEnabled',
'EtwEventWrite',
'NtQueryInformationProcess',
'StrStrIW',
'AssocQueryStringW',
'PathQuoteSpacesW',
'SHDeleteKeyW',
'SHRegGetUSValueW',
'PathIsNetworkPathW',
'SHOpenRegStream2W',
'SHRegGetBoolUSValueW',
'SHStrDupW',
'StrChrIW',
'PathFileExistsW',
'PathGetDriveNumberW',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'SHRegGetValueW',
'ChrCmpIW',
'AssocQueryKeyW',
'PathStripPathW',
'PathIsRootW',
'PathParseIconLocationW',
'StrCmpIW',
'StrCmpW',
'PathIsPrefixW',
'SHCreateStreamOnFileW',
'SHQueryInfoKeyW',
'StrCmpNW',
'StrTrimW',
'PathStripToRootW',
'StrRetToBufW',
'PathCommonPrefixW',
'SHStrDupA',
'PathRemoveExtensionW',
'PathIsFileSpecW',
'AssocCreate',
'StrRetToStrW',
'StrToIntW',
'StrChrW',
'PathCombineW',
'SHCreateThreadRef',
'SHSetThreadRef',
'SHGetValueW',
'PathFindFileNameW',
'PathRemoveArgsW',
'PathRemoveBlanksW',
'StrCmpNIW',
'PathGetArgsW',
'SHSetValueW',
'SHDeleteValueW',
'PathAppendW',
'PathFindExtensionW',
'SHCreateDataObject',
'SHGetLocalizedName',
'Shell_GetCachedImageIndexW',
'SHGetStockIconInfo',
'SHGetPropertyStoreForWindow',
'SHGetSpecialFolderLocation',
'SHCreateItemWithParent',
'SHBindToFolderIDListParent',
'SHBindToFolderIDListParentEx',
'SHChangeNotify',
'SHGetFileInfoW',
'SHParseDisplayName',
'SHGetFolderLocation',
'SHGetSpecialFolderPathW',
'SHBindToObject',
'SHGetKnownFolderIDList',
'ShellExecuteExW',
'SHGetNameFromIDList',
'SHCreateShellItem',
'SHChangeNotifyRegisterThread',
'SHGetPathFromIDListW',
'SHFileOperationW',
'SHGetFolderPathEx',
'SHUpdateRecycleBinIcon',
'SHBindToParent',
'SHGetFolderPathW',
'SHGetPathFromIDListA',
'ShellExecuteW',
'SHEnableServiceObject',
'SHGetIDListFromObject',
'SHCreateItemFromIDList',
'SHAddToRecentDocs',
'Shell_NotifyIconW',
'Shell_NotifyIconGetRect',
'ExtractIconExW',
'SHEvaluateSystemCommandTemplate',
'SHCreateShellItemArrayFromIDLists',
'DragQueryFileW',
'SHGetKnownFolderPath',
'SHCreateShellItemArrayFromShellItem',
'SHCreateItemFromParsingName',
'CoInitializeEx',
'CLSIDFromString',
'CoGetMalloc',
'CoGetInterfaceAndReleaseStream',
'RevokeDragDrop',
'RegisterDragDrop',
'CoUninitialize',
'CoInitialize',
'CoMarshalInterThreadInterfaceInStream',
'CoFreeUnusedLibraries',
'CoRegisterMessageFilter',
'StringFromGUID2',
'OleUninitialize',
'OleInitialize',
'CoRevokeClassObject',
'CoRegisterClassObject',
'CoCreateInstance',
'CoTaskMemFree',
'CreateStreamOnHGlobal',
'ReleaseStgMedium',
'PropVariantClear',
'CreateBindCtx',
'CoTaskMemAlloc',
'CoCreateFreeThreadedMarshaler',
'VariantInit',
'VariantClear',
'SysAllocStringByteLen',
'SysAllocStringLen',
'SysAllocString',
'SysFreeString',
'GetThemeBackgroundExtent',
'GetThemeBackgroundRegion',
'GetThemeColor',
'IsThemePartDefined',
'GetThemeRect',
'DrawThemeIcon',
'GetBufferedPaintBits',
'BufferedPaintClear',
'IsAppThemed',
'IsCompositionActive',
'OpenThemeData',
'CloseThemeData',
'SetWindowTheme',
'GetThemeMetric',
'DrawThemeBackground',
'GetThemeTextExtent',
'DrawThemeText',
'GetThemeBool',
'DrawThemeParentBackground',
'GetWindowTheme',
'GetThemeBackgroundContentRect',
'GetThemePartSize',
'BeginBufferedPaint',
'DrawThemeTextEx',
'EndBufferedPaint',
'GetThemeMargins',
'BufferedPaintInit',
'BufferedPaintUnInit',
'IsThemeActive',
'CallNtPowerInformation',
'PowerDeterminePlatformRole',
'GetPwrCapabilities',
'DwmEnableBlurBehindWindow',
'DwmSetWindowAttribute',
'DwmIsCompositionEnabled',
'DwmQueryThumbnailSourceSize',
'DwmUpdateThumbnailProperties',
'DwmUnregisterThumbnail',
'SLGetWindowsInformationDWORD',
'GdipSetInterpolationMode',
'GdipDrawImageRectI',
'GdipCloneImage',
'GdipGetImageWidth',
'GdipGetImageHeight',
'GdipCreateBitmapFromHBITMAP',
'GdiplusStartup',
'GdiplusShutdown',
'GdipFree',
'GdipAlloc',
'GdipDisposeImage',
'GdipCreateFromHDC',
'GdipDeleteGraphics',
'GdipSetCompositingMode',
'GetUserNameExW',
'NdrClientCall3',
'I_RpcExceptionFilter',
'RpcStringFreeW',
'RpcBindingFree',
'RpcBindingSetAuthInfoExW',
'RpcStringBindingComposeW',
'RpcBindingFromStringBindingW',
'PSCreateMemoryPropertyStore',
'VariantToStringAlloc',
'VariantToStringWithDefault',
'PropVariantToString',
'VariantToBooleanWithDefault',
'PropVariantToInt64',
'VariantToInt32WithDefault',
'PropVariantToBoolean',
'PropVariantToUInt64',
'PropVariantToUInt32',
'PropVariantToStringAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 19,
'NumberOfImportFunctions': 703,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1846912,
'SectionNames': {'.data\x00\x00\x00': 14848,
'.pdata\x00\x00': 52736,
'.rdata\x00\x00': 191488,
'.reloc\x00\x00': 10240,
'.rsrc\x00\x00\x00': 1847296,
'.text\x00\x00\x00': 752128},
'StackReserveSize': 524288,
'filename': './data/malware/3c2f3f730ba452ff1cfef86d0ccbc09c411fb45eaee7861ba5fc66b880fe1c3a'},
'3c57c336abbe953ab379eebc319482f933373ede8f30ed8e0215f38393873ce1': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 883776,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 884224,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/3c57c336abbe953ab379eebc319482f933373ede8f30ed8e0215f38393873ce1'},
'3c5a6986d9cd1f4bc13a50d2bacaeeb71f2d827bd08b7f0b9ac870ec468719de': {'AddressOfEntryPoint': 31152,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 57344,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 948,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 19968,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 52736},
'StackReserveSize': 1048576,
'filename': './data/malware/3c5a6986d9cd1f4bc13a50d2bacaeeb71f2d827bd08b7f0b9ac870ec468719de'},
'3c8fba7851aa5c9eca70752fcd64fde62f3705257eadb51e7bd0bcb2b1d3491f': {'AddressOfEntryPoint': 35388,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 59392},
'StackReserveSize': 1048576,
'filename': './data/malware/3c8fba7851aa5c9eca70752fcd64fde62f3705257eadb51e7bd0bcb2b1d3491f'},
'3c943b88b07b0d6210dce1746769194d3104bf19a0a581d7a075b19da63cf19f': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2266592,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2266624,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/3c943b88b07b0d6210dce1746769194d3104bf19a0a581d7a075b19da63cf19f'},
'3cec9b0e4f60895cdad85e8190352662edebe353e4dab4a5f301376b81b5df1a': {'AddressOfEntryPoint': 38912,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 81920,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'SHELL32.dll': 'SHGetFolderPathA',
'USER32.dll': 'TranslateMessage',
'VERSION.dll': 'VerQueryValueA',
'WININET.dll': 'InternetErrorDlg'},
'ImportedFunctions': ['GetModuleFileNameA',
'GetModuleHandleA',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'GetProcAddress',
'GetWindowsDirectoryA',
'GetEnvironmentVariableA',
'_local_unwind',
'MultiByteToWideChar',
'GetCurrentProcess',
'SetFilePointer',
'GetTempPathA',
'GetSystemInfo',
'LocalFree',
'GetTickCount',
'GetCurrentProcessId',
'GetUserDefaultLangID',
'GetVersionExA',
'LocalAlloc',
'FormatMessageA',
'LockResource',
'LoadResource',
'SizeofResource',
'FindResourceA',
'TerminateProcess',
'CompareStringW',
'CompareStringA',
'SetStdHandle',
'FlushFileBuffers',
'VirtualQuery',
'VirtualAlloc',
'VirtualProtect',
'HeapReAlloc',
'LCMapStringW',
'LCMapStringA',
'InitializeCriticalSection',
'WideCharToMultiByte',
'GetThreadLocale',
'GetCommandLineA',
'lstrcpynA',
'CreateDirectoryA',
'CreateProcessA',
'GetExitCodeProcess',
'GetLastError',
'lstrlenA',
'lstrcatA',
'CreateFileA',
'WriteFile',
'CloseHandle',
'WaitForSingleObject',
'__C_specific_handler',
'lstrcmpA',
'lstrcpyA',
'lstrcmpiA',
'ExitProcess',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'IsBadCodePtr',
'IsBadWritePtr',
'IsBadReadPtr',
'RtlPcToFileHeader',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetStdHandle',
'GetTimeZoneInformation',
'Sleep',
'GetCPInfo',
'GetOEMCP',
'GetACP',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'HeapAlloc',
'HeapFree',
'GetProcessHeap',
'GetStartupInfoA',
'TlsAlloc',
'SetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'RaiseException',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSetInformation',
'HeapCreate',
'SetEnvironmentVariableA',
'LoadStringA',
'GetDesktopWindow',
'MessageBoxA',
'wsprintfA',
'MsgWaitForMultipleObjects',
'DispatchMessageA',
'PeekMessageA',
'TranslateMessage',
'RegCreateKeyExA',
'RegQueryInfoKeyA',
'RegOpenKeyA',
'RegDeleteKeyA',
'RegDeleteValueA',
'RegSetValueExA',
'RegEnumKeyA',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'SHGetFolderPathA',
'GetFileVersionInfoA',
'VerQueryValueA',
'HttpQueryInfoA',
'InternetCloseHandle',
'InternetReadFile',
'HttpSendRequestA',
'HttpOpenRequestA',
'InternetConnectA',
'InternetCrackUrlA',
'InternetOpenA',
'InternetErrorDlg'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 130,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 17134080,
'SectionNames': {'.data\x00\x00\x00': 7680,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 24576,
'.rsrc\x00\x00\x00': 17134080,
'.text\x00\x00\x00': 77824},
'StackReserveSize': 1048576,
'filename': './data/malware/3cec9b0e4f60895cdad85e8190352662edebe353e4dab4a5f301376b81b5df1a'},
'3d4b357481c8e8308988955e31def8145ec0b1734b1352f09a469dd052fe9448': {'AddressOfEntryPoint': 217088,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/3d4b357481c8e8308988955e31def8145ec0b1734b1352f09a469dd052fe9448'},
'3d6ff7fa98a376f7674b9975daca012278683f6cecf22126ca9d7b75e862e4ba': {'AddressOfEntryPoint': 217088,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/3d6ff7fa98a376f7674b9975daca012278683f6cecf22126ca9d7b75e862e4ba'},
'3d8fd3071a78e85341b8ee9b0399fb665a391622b4fb6c27b3ffe111bab5fb4b': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3420,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 1724928,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/3d8fd3071a78e85341b8ee9b0399fb665a391622b4fb6c27b3ffe111bab5fb4b'},
'3dbcab057f5790dc41c2000a53545eb369742a8e85c65ac52d3b473e6915371f': {'AddressOfEntryPoint': 1073742329,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'COMCTL32.dll': 'InitCommonControlsEx',
'KERNEL32.dll': 'LoadLibraryW',
'MSVCR90.dll': '_wtol',
'SHELL32.dll': 'CommandLineToArgvW',
'USER32.dll': 'EnableWindow'},
'ImportedFunctions': ['__CxxFrameHandler3',
'_amsg_exit',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'_decode_pointer',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'_encode_pointer',
'_fmode',
'_commode',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'_initterm',
'_wcmdln',
'exit',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__wgetmainargs',
'_wtol',
'LocalFree',
'GetSystemTimeAsFileTime',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetCommandLineW',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'Sleep',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'PostMessageW',
'DrawIcon',
'GetClientRect',
'GetSystemMetrics',
'IsIconic',
'SetParent',
'SendMessageW',
'EnableWindow',
'CommandLineToArgvW',
'InitCommonControlsEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 56,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 2368,
'StackReserveSize': 1048576,
'filename': './data/malware/3dbcab057f5790dc41c2000a53545eb369742a8e85c65ac52d3b473e6915371f'},
'3dc41de2a9165db7ed462b50e0625c75e903cca91bd8a5ffca86ff4883b3a8ce': {'AddressOfEntryPoint': 1188446,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 34112,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'mscoree.dll': '_CorExeMain'},
'ImportedFunctions': ['_CorExeMain'],
'LinkerVersion': 8,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 1,
'NumberOfSections': 3,
'OSVersion': 4,
'ResSize': 289280,
'SectionNames': {'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 289280,
'.text\x00\x00\x00': 1180672},
'StackReserveSize': 1048576,
'filename': './data/malware/3dc41de2a9165db7ed462b50e0625c75e903cca91bd8a5ffca86ff4883b3a8ce'},
'3dce8322f749a2aed8a9da7c0d2670a82bce10f9038f286e5fa94577f0fc57ef': {'AddressOfEntryPoint': 11532,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetCPInfo',
'SHELL32.dll': 'ShellExecuteExA',
'USER32.dll': 'MsgWaitForMultipleObjects'},
'ImportedFunctions': ['_lclose',
'GetModuleFileNameA',
'_lread',
'_llseek',
'_lopen',
'_lwrite',
'_lcreat',
'CreateDirectoryA',
'SetCurrentDirectoryA',
'lstrcatA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetDiskFreeSpaceA',
'GetFileAttributesA',
'RemoveDirectoryA',
'DeleteFileA',
'lstrlenA',
'GetCurrentDirectoryA',
'CloseHandle',
'GetExitCodeProcess',
'LocalFree',
'GetCurrentProcess',
'MoveFileExA',
'Sleep',
'GetStringTypeW',
'MultiByteToWideChar',
'LCMapStringW',
'HeapReAlloc',
'HeapSize',
'IsValidCodePage',
'lstrcpyA',
'GetTempPathA',
'CompareStringA',
'GetOEMCP',
'GetACP',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'GetLastError',
'HeapFree',
'HeapAlloc',
'GetCommandLineA',
'GetStartupInfoW',
'InitializeCriticalSectionAndSpinCount',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'EncodePointer',
'LoadLibraryW',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'TerminateProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'RtlUnwindEx',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetCPInfo',
'TranslateMessage',
'DispatchMessageA',
'PeekMessageA',
'wsprintfA',
'LoadCursorA',
'SetCursor',
'MessageBoxA',
'MsgWaitForMultipleObjects',
'GetTokenInformation',
'OpenProcessToken',
'ShellExecuteExA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 91,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 28020,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 28160,
'.text\x00\x00\x00': 25088},
'StackReserveSize': 1048576,
'filename': './data/malware/3dce8322f749a2aed8a9da7c0d2670a82bce10f9038f286e5fa94577f0fc57ef'},
'3ddd314f1a0f781596c0f4b2191c6beffc2c2df0dc02f7ab4842a3eebfd02059': {'AddressOfEntryPoint': 70368,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'ControlService',
'KERNEL32.dll': 'GetACP',
'SETUPAPI.dll': 'SetupCloseInfFile',
'USER32.dll': 'wsprintfA'},
'ImportedFunctions': ['RegCloseKey',
'RegQueryValueExA',
'RegOpenKeyA',
'RegFlushKey',
'RegSetValueExA',
'RegDeleteValueA',
'RegOpenKeyExA',
'CloseServiceHandle',
'QueryServiceConfigA',
'OpenServiceA',
'OpenSCManagerA',
'StartServiceA',
'CreateServiceA',
'DeleteService',
'QueryServiceStatus',
'ControlService',
'wsprintfA',
'SetupDiCreateDeviceInfoList',
'SetupDiGetClassDevsA',
'SetupDiEnumDeviceInfo',
'SetupDiDestroyDeviceInfoList',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupOpenInfFileA',
'SetupInstallServicesFromInfSectionA',
'SetupCloseInfFile',
'InitializeCriticalSection',
'FlushFileBuffers',
'SetStdHandle',
'GetOEMCP',
'CloseHandle',
'GetExitCodeProcess',
'WaitForSingleObject',
'CreateProcessA',
'GetSystemDirectoryA',
'lstrcpyA',
'GetVersionExA',
'FindClose',
'FindFirstFileA',
'lstrcmpiA',
'lstrlenA',
'DeleteFileA',
'GetWindowsDirectoryA',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'GetLastError',
'Sleep',
'GetCurrentProcess',
'GetCommandLineA',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'LCMapStringA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'LCMapStringW',
'TlsAlloc',
'SetLastError',
'GetCurrentThreadId',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetModuleHandleA',
'RtlUnwindEx',
'EnterCriticalSection',
'LeaveCriticalSection',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'SetFilePointer',
'GetLocaleInfoA',
'GetCPInfo',
'VirtualProtect',
'GetSystemInfo',
'VirtualQuery',
'GetStringTypeA',
'GetStringTypeW',
'GetACP'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 92,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 736,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 11776,
'.rsrc\x00\x00\x00': 4608,
'.text\x00\x00\x00': 35840},
'StackReserveSize': 1048576,
'filename': './data/malware/3ddd314f1a0f781596c0f4b2191c6beffc2c2df0dc02f7ab4842a3eebfd02059'},
'3debde619eea6ba2603167edaa7f6011128554679edda1f1bdd206922b46af2f': {'AddressOfEntryPoint': 63872,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 103040,
'ExportSize': 192,
'IATRVA': 4096,
'ImageBase': 905969664,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetUserNameA',
'KERNEL32.dll': 'GetStartupInfoA',
'SHLWAPI.dll': 'StrStrIA',
'USER32.dll': 'wvsprintfA',
'WININET.dll': 'InternetCloseHandle',
'ole32.dll': 'StringFromGUID2'},
'ImportedFunctions': ['StrRChrA',
'StrStrIA',
'CryptHashData',
'StartServiceCtrlDispatcherA',
'RegisterServiceCtrlHandlerExA',
'RegCloseKey',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegSetValueExA',
'RegCreateKeyExA',
'CryptReleaseContext',
'CryptDestroyHash',
'CryptGetHashParam',
'CryptCreateHash',
'CryptAcquireContextA',
'SetSecurityDescriptorDacl',
'InitializeSecurityDescriptor',
'RegOpenKeyA',
'SetServiceStatus',
'GetUserNameA',
'CharLowerA',
'CharNextA',
'LoadStringA',
'wvsprintfA',
'GetFileType',
'SetHandleCount',
'LCMapStringW',
'LCMapStringA',
'CloseHandle',
'lstrlenA',
'GetModuleHandleA',
'GetStringTypeExA',
'GetThreadLocale',
'lstrcmpA',
'ReadFile',
'GetFileSize',
'CreateFileA',
'VirtualQuery',
'Sleep',
'SystemTimeToFileTime',
'GetCurrentProcessId',
'UnmapViewOfFile',
'ReleaseMutex',
'WaitForSingleObject',
'DuplicateHandle',
'GetCurrentProcess',
'OpenProcess',
'MapViewOfFileEx',
'VirtualFree',
'IsBadReadPtr',
'GetLastError',
'GetFileTime',
'GetVolumeInformationA',
'OpenFileMappingW',
'lstrlenW',
'GetComputerNameA',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetSystemTime',
'GetModuleFileNameA',
'lstrcpynA',
'MoveFileExA',
'GetTickCount',
'GetVersionExA',
'FreeLibraryAndExitThread',
'CreateThread',
'CreateEventA',
'GetStringTypeW',
'MultiByteToWideChar',
'GetStringTypeA',
'GetEnvironmentStringsW',
'GetLocaleInfoA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetCPInfo',
'GetSystemTimeAsFileTime',
'QueryPerformanceCounter',
'HeapReAlloc',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetModuleHandleW',
'ExitProcess',
'GetCommandLineA',
'HeapFree',
'HeapSetInformation',
'HeapCreate',
'HeapAlloc',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'WriteFile',
'GetStdHandle',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'InitializeCriticalSectionAndSpinCount',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetStartupInfoA',
'OleUninitialize',
'CoCreateInstance',
'OleInitialize',
'StringFromGUID2',
'HttpOpenRequestA',
'HttpSendRequestA',
'InternetQueryDataAvailable',
'InternetConnectA',
'InternetGetConnectedState',
'InternetCheckConnectionA',
'InternetReadFile',
'InternetOpenA',
'InternetCrackUrlA',
'InternetCanonicalizeUrlA',
'InternetCloseHandle'],
'LinkerVersion': 9,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 132,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 4556,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 4608,
'.rsrc\x00\x00\x00': 4608,
'.text\x00\x00\x00': 99328},
'StackReserveSize': 1048576,
'filename': './data/malware/3debde619eea6ba2603167edaa7f6011128554679edda1f1bdd206922b46af2f'},
'3dfe8530b3c7425d5363ecb4f90f1b93bba9dd353af33ea72ccf3aaadf736d3a': {'AddressOfEntryPoint': 3490504989,
'DebugRVA': 6912,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'GetLengthSid',
'CRYPT32.dll': 'CertFreeCertificateContext',
'GDI32.dll': 'StartDocW',
'KERNEL32.dll': 'GetSystemDirectoryW',
'OLEAUT32.dll': 'VariantChangeType',
'SETUPAPI.dll': 'CM_Get_Device_IDW',
'SHELL32.dll': 'SHGetFolderPathW',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueW',
'WINTRUST.dll': 'CryptCATAdminCalcHashFromFileHandle',
'msvcrt.dll': '__C_specific_handler',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['iswdigit',
'_vsnwprintf',
'wcspbrk',
'wcsrchr',
'wcschr',
'_wcsnicmp',
'memcmp',
'iswalpha',
'wcslen',
'__CxxFrameHandler',
'free',
'??3@YAXPEAX@Z',
'_CxxThrowException',
'?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z',
'??1type_info@@UEAA@XZ',
'_onexit',
'__dllonexit',
'?terminate@@YAXXZ',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_initterm',
'__wgetmainargs',
'_wcmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'fread',
'_wfopen',
'fwprintf',
'fclose',
'_wcslwr',
'??2@YAPEAX_K@Z',
'wcsstr',
'_wcsicmp',
'_wtol',
'memset',
'realloc',
'memmove',
'memcpy',
'towupper',
'vswprintf',
'_vscwprintf',
'_wcsupr',
'malloc',
'__C_specific_handler',
'RegDeleteKeyW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetEntriesInAclW',
'DeleteService',
'AllocateAndInitializeSid',
'EqualSid',
'FreeSid',
'OpenProcessToken',
'IsTextUnicode',
'StartServiceW',
'ControlService',
'OpenSCManagerW',
'OpenServiceW',
'QueryServiceStatus',
'CloseServiceHandle',
'RegDeleteValueW',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'GetTokenInformation',
'CheckTokenMembership',
'SetSecurityDescriptorDacl',
'InitializeSecurityDescriptor',
'AddAccessAllowedAce',
'InitializeAcl',
'GetLengthSid',
'DeviceIoControl',
'LocalReAlloc',
'GetACP',
'GetLocaleInfoA',
'GetThreadLocale',
'GetVersionExW',
'RaiseException',
'InitializeCriticalSection',
'DeleteCriticalSection',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'CloseHandle',
'GetLastError',
'GetCurrentProcess',
'MultiByteToWideChar',
'SetCurrentDirectoryW',
'GetWindowsDirectoryW',
'GetLocalTime',
'EnumResourceLanguagesW',
'SetThreadLocale',
'IsValidLocale',
'GetUserDefaultUILanguage',
'WaitForMultipleObjects',
'GetCommandLineW',
'WriteFile',
'CreateFileW',
'CreateThread',
'UnmapViewOfFile',
'MapViewOfFile',
'CreateFileMappingW',
'GetFileSize',
'LocalFree',
'FormatMessageW',
'SetFileAttributesW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'GetTempFileNameW',
'lstrcmpiW',
'lstrlenW',
'lstrcmpW',
'GetFileAttributesW',
'DeleteFileW',
'ReadFile',
'SetFilePointer',
'ReleaseMutex',
'WaitForSingleObject',
'HeapFree',
'GetProcessHeap',
'SetEndOfFile',
'HeapAlloc',
'CreateMutexW',
'CreateEventW',
'SetEvent',
'ResetEvent',
'SetConsoleCursorPosition',
'FillConsoleOutputCharacterW',
'ReadConsoleOutputW',
'GetConsoleScreenBufferInfo',
'SetConsoleMode',
'GetConsoleMode',
'FreeLibrary',
'FreeConsole',
'GetStdHandle',
'GetProcAddress',
'LoadLibraryW',
'WriteConsoleOutputW',
'WriteConsoleW',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetStartupInfoW',
'GetVersionExA',
'EnterCriticalSection',
'LeaveCriticalSection',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'lstrcpyW',
'RemoveDirectoryW',
'CreateDirectoryW',
'GetFullPathNameW',
'GetModuleHandleW',
'GetModuleFileNameW',
'lstrcpynW',
'GlobalFree',
'MoveFileExW',
'GetShortPathNameW',
'CopyFileW',
'SetLastError',
'GetSystemWindowsDirectoryW',
'GetCurrentDirectoryW',
'GetEnvironmentVariableW',
'CompareStringW',
'VerifyVersionInfoW',
'VerSetConditionMask',
'Sleep',
'LocalAlloc',
'GetSystemDirectoryW',
'GetTextMetricsW',
'StartPage',
'GetDeviceCaps',
'CreateFontIndirectW',
'EndPage',
'EndDoc',
'DeleteObject',
'StartDocW',
'GetParent',
'SetDlgItemTextW',
'IsDlgButtonChecked',
'CheckDlgButton',
'SetFocus',
'DrawTextExW',
'LoadImageW',
'LoadBitmapW',
'PostMessageW',
'GetSysColor',
'LoadIconW',
'LoadStringW',
'DestroyWindow',
'SetWindowLongW',
'GetWindowLongPtrW',
'SendDlgItemMessageW',
'InvalidateRect',
'SystemParametersInfoW',
'GetDC',
'ReleaseDC',
'SetWindowLongPtrW',
'SetWindowTextW',
'CallWindowProcW',
'DestroyIcon',
'DialogBoxParamW',
'EndDialog',
'GetDlgItem',
'SendMessageW',
'MessageBoxW',
'GetProcessWindowStation',
'GetUserObjectInformationW',
'CharLowerW',
'CharPrevW',
'GetSystemMetrics',
'CommandLineToArgvW',
'SHGetFolderPathW',
'CM_Locate_DevNodeW',
'SetupDiOpenClassRegKey',
'SetupDiClassNameFromGuidW',
'pSetupSetGlobalFlags',
'pSetupGetGlobalFlags',
'SetupGetFieldCount',
'SetupGetIntField',
'SetupGetStringFieldW',
'SetupFindNextLine',
'SetupFindNextMatchLineW',
'CM_Get_Device_ID_List_SizeW',
'SetupPromptReboot',
'SetupInstallFromInfSectionW',
'SetupInstallServicesFromInfSectionW',
'SetupFindFirstLineW',
'CMP_WaitNoPendingInstallEvents',
'SetupOpenAppendInfFileW',
'SetupGetLineCountW',
'SetupDiGetActualSectionToInstallW',
'SetupCloseInfFile',
'SetupOpenInfFileW',
'SetupDiSetSelectedDevice',
'CM_Get_Device_ID_ListW',
'CM_Setup_DevNode',
'CM_Query_And_Remove_SubTreeW',
'CM_Enumerate_Classes',
'SetupInstallFilesFromInfSectionW',
'SetupDiOpenDeviceInfoW',
'SetupQueueCopyW',
'SetupQueueCopyIndirectW',
'SetupTermDefaultQueueCallback',
'SetupDefaultQueueCallbackW',
'SetupCommitFileQueueW',
'SetupInitDefaultQueueCallbackEx',
'SetupOpenFileQueue',
'SetupCloseFileQueue',
'SetupGetTargetPathW',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetClassDevsW',
'SetupDiOpenDevRegKey',
'SetupDiEnumDeviceInfo',
'SetupCopyOEMInfW',
'SetupDiSetDeviceRegistryPropertyW',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiCreateDeviceInfoList',
'CM_Get_DevNode_Status',
'SetupDiGetDeviceInstanceIdW',
'SetupDiCallClassInstaller',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsW',
'SetupDiGetDeviceInstallParamsW',
'SetupDiGetDriverInfoDetailW',
'SetupDiGetSelectedDriverW',
'SetupDiSetClassInstallParamsW',
'CM_Get_Device_IDW',
'WinVerifyTrust',
'CryptCATAdminCalcHashFromFileHandle',
'CoTaskMemFree',
'StringFromCLSID',
'CoInitialize',
'CoCreateInstance',
'CoUninitialize',
'VariantClear',
'VariantInit',
'SysAllocString',
'SysFreeString',
'VariantChangeType',
'CryptQueryObject',
'CertGetCTLContextProperty',
'CertFreeCTLContext',
'CertFreeCertificateContext',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'VerQueryValueW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 305,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 105376,
'StackReserveSize': 524288,
'filename': './data/malware/3dfe8530b3c7425d5363ecb4f90f1b93bba9dd353af33ea72ccf3aaadf736d3a'},
'3e0765de464110e8b2ab5b05feb4b0cb9286c09ae61654a224a64d202f6019ba': {'AddressOfEntryPoint': 22268,
'DebugRVA': 124304,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 122880,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'GDI32.dll': 'SetTextColor',
'KERNEL32.dll': 'GetModuleHandleW',
'OLEAUT32.dll': 'LoadTypeLibEx',
'RPCRT4.dll': 'UuidCreateSequential',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'SetWindowTextW',
'WS2_32.dll': 'WSACleanup',
'ntdll.dll': '__chkstk',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['ZwCreateSection',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'LdrFindEntryForAddress',
'RtlImageNtHeader',
'LdrAccessResource',
'LdrFindResource_U',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'RtlFreeUnicodeString',
'ZwCreateKey',
'ZwSetValueKey',
'ZwQueryValueKey',
'ZwDeleteValueKey',
'ZwFlushKey',
'ZwEnumerateKey',
'ZwDeleteKey',
'memcmp',
'ZwOpenTimer',
'ZwSetTimer',
'ZwDeleteFile',
'memcpy',
'RtlIpv4StringToAddressW',
'RtlIpv4AddressToStringA',
'memset',
'ZwWriteFile',
'strtoul',
'ZwCreateFile',
'ZwQueryInformationFile',
'ZwSetInformationFile',
'RtlIpv4AddressToStringExA',
'ZwQueryInformationProcess',
'RtlGetCurrentPeb',
'RtlPrefixUnicodeString',
'RtlNtStatusToDosError',
'LdrUnloadDll',
'LdrAddRefDll',
'sprintf',
'strlen',
'ZwRaiseHardError',
'wcsstr',
'RtlAdjustPrivilege',
'LdrLoadDll',
'RtlInitUnicodeString',
'wcscpy',
'ZwClose',
'ZwQueryKey',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenKey',
'RtlComputeCrc32',
'wcslen',
'swprintf',
'ZwSetContextThread',
'ZwProtectVirtualMemory',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenProcess',
'RtlEqualUnicodeString',
'ZwQuerySystemInformation',
'ZwResumeThread',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'ZwSetInformationToken',
'ZwDuplicateToken',
'ZwAdjustPrivilegesToken',
'ZwOpenThreadTokenEx',
'ZwWriteVirtualMemory',
'ZwReadVirtualMemory',
'wcschr',
'__chkstk',
'SetThreadLocale',
'CreateTimerQueueTimer',
'DeleteTimerQueueTimer',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'WideCharToMultiByte',
'CopyFileW',
'CreateProcessW',
'ExitThread',
'GetCommandLineW',
'LoadLibraryW',
'VirtualProtect',
'LoadLibraryExW',
'ExitProcess',
'FreeLibraryAndExitThread',
'Sleep',
'GetSystemDefaultLangID',
'GetVersion',
'LocalFree',
'LocalAlloc',
'VirtualAlloc',
'VirtualFree',
'FormatMessageW',
'GetModuleHandleW',
'MD5Update',
'MD5Final',
'CreateProcessAsUserW',
'RegisterServiceCtrlHandlerExW',
'SetServiceStatus',
'StartServiceCtrlDispatcherW',
'MD5Init',
'GetWindowLongW',
'SetDlgItemTextW',
'SetWindowPos',
'LoadIconW',
'SetWindowLongW',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'DialogBoxParamW',
'PostMessageW',
'EndDialog',
'SendMessageW',
'GetClientRect',
'FindWindowW',
'GetDlgItem',
'MessageBoxW',
'GetSystemMetrics',
'CreateWindowExW',
'AdjustWindowRect',
'DefWindowProcW',
'PostQuitMessage',
'DestroyWindow',
'OpenDesktopW',
'SetThreadDesktop',
'DestroyIcon',
'UnregisterClassW',
'DispatchMessageW',
'TranslateMessage',
'GetActiveWindow',
'GetMessageW',
'RegisterClassW',
'LoadCursorW',
'SetWindowTextW',
'UuidCreateSequential',
'GetStockObject',
'SetBkColor',
'SetTextColor',
'ShellExecuteExW',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'SysAllocString',
'SysFreeString',
'VariantClear',
'LoadTypeLibEx',
'WSAStartup',
'WSASocketW',
'WSAGetLastError',
'closesocket',
'bind',
'WSAIoctl',
'WSARecv',
'WSASend',
'setsockopt',
'WSASendTo',
'WSARecvFrom',
'WSACleanup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 12,
'NumberOfImportFunctions': 162,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 10104,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 14336,
'.rsrc\x00\x00\x00': 10240,
'.text\x00\x00\x00': 115200},
'StackReserveSize': 1048576,
'filename': './data/malware/3e0765de464110e8b2ab5b05feb4b0cb9286c09ae61654a224a64d202f6019ba'},
'3e09126bb9245f524be55e3ca1ac11e26b8ecb26f455fe8d6fef90d78b35e259': {'AddressOfEntryPoint': 5568,
'DebugRVA': 37632,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 36864,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorSacl',
'KERNEL32.dll': 'HeapReAlloc',
'USER32.dll': 'GetMessageW'},
'ImportedFunctions': ['GetLastError',
'MapViewOfFile',
'UnmapViewOfFile',
'CloseHandle',
'LocalFree',
'LocalAlloc',
'GetModuleHandleA',
'LoadLibraryA',
'GetProcAddress',
'MultiByteToWideChar',
'WideCharToMultiByte',
'OpenMutexW',
'CreateMutexW',
'lstrlenW',
'CreateFileMappingW',
'GetModuleFileNameW',
'lstrcatW',
'LoadLibraryW',
'LCMapStringW',
'LCMapStringA',
'GetStringTypeW',
'GetStringTypeA',
'GetCurrentProcessId',
'SetLastError',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'InitializeCriticalSection',
'Sleep',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'HeapSize',
'GetLocaleInfoA',
'HeapReAlloc',
'DefWindowProcW',
'PostQuitMessage',
'EndPaint',
'BeginPaint',
'CreateWindowExW',
'RegisterClassExW',
'DispatchMessageW',
'TranslateMessage',
'GetMessageW',
'GetSecurityDescriptorSacl'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 83,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 176,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 19456,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 30208},
'StackReserveSize': 1048576,
'filename': './data/malware/3e09126bb9245f524be55e3ca1ac11e26b8ecb26f455fe8d6fef90d78b35e259'},
'3e12b00604bbb40f673a38bc80ea882874c2fa3b2670b136e0b9b79dd915a1fa': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 394072,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 325632,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/3e12b00604bbb40f673a38bc80ea882874c2fa3b2670b136e0b9b79dd915a1fa'},
'3e1b7db89d3cc871443a8d09b54554fd19b2fcc67d8b32e767348284ec2df4e4': {'AddressOfEntryPoint': 72032,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 147456,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'HeapFree',
'OLEAUT32.dll': 'SysAllocStringLen',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'SHELL32.dll': 'SHGetFolderPathA',
'SHLWAPI.dll': 'PathIsDirectoryA',
'USER32.dll': 'GetWindowThreadProcessId',
'VERSION.dll': 'VerQueryValueA',
'ole32.dll': 'CoSetProxyBlanket'},
'ImportedFunctions': ['GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiClassGuidsFromNameA',
'SetupDiGetINFClassA',
'SetupDiGetDeviceInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiEnumDriverInfoA',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsA',
'SetupDiRegisterDeviceInfo',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiCreateDeviceInfoA',
'SetupDiCreateDeviceInfoList',
'SetupDiDestroyDriverInfoList',
'SetupDiSetSelectedDevice',
'SetupDiGetDriverInfoDetailA',
'SetupDiRemoveDevice',
'SetupDiDestroyDeviceInfoList',
'PathAppendA',
'PathIsDirectoryA',
'CreateProcessA',
'FindClose',
'FindNextFileA',
'SetLastError',
'FindFirstFileA',
'GetSystemDirectoryA',
'GetProcAddress',
'GetModuleHandleA',
'Sleep',
'GetModuleFileNameA',
'SetCurrentDirectoryA',
'GetFullPathNameA',
'DeleteFileA',
'SetFileAttributesA',
'GetFileAttributesA',
'GetVersionExA',
'GetComputerNameA',
'GetUserDefaultLangID',
'GetCurrentDirectoryA',
'GetWindowsDirectoryA',
'GetCurrentProcess',
'ReleaseMutex',
'CreateDirectoryA',
'MapViewOfFile',
'CreateFileMappingA',
'CreateMutexA',
'UnmapViewOfFile',
'GetTimeFormatA',
'GetLocalTime',
'OutputDebugStringA',
'MoveFileExA',
'LocalAlloc',
'GetCurrentThread',
'FreeLibrary',
'SetEnvironmentVariableA',
'Module32First',
'CreateToolhelp32Snapshot',
'Process32Next',
'Process32First',
'TerminateProcess',
'OpenProcess',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetPrivateProfileStringA',
'WaitForSingleObject',
'GlobalUnlock',
'GlobalLock',
'GlobalAlloc',
'CopyFileA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'RemoveDirectoryA',
'WriteFile',
'SetFilePointer',
'RtlVirtualUnwind',
'DeleteCriticalSection',
'GetFileType',
'GetStdHandle',
'SetHandleCount',
'LeaveCriticalSection',
'EnterCriticalSection',
'RtlPcToFileHeader',
'RaiseException',
'LCMapStringW',
'WideCharToMultiByte',
'LCMapStringA',
'RtlCaptureContext',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'FlsAlloc',
'FlsFree',
'TlsFree',
'FlsSetValue',
'SetStdHandle',
'FlsGetValue',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'WinExec',
'GetLastError',
'FormatMessageA',
'LocalFree',
'LoadLibraryA',
'InitializeCriticalSection',
'GetConsoleCP',
'GlobalFree',
'GetExitCodeProcess',
'GetConsoleMode',
'FlushFileBuffers',
'GetSystemTimeAsFileTime',
'HeapSetInformation',
'HeapCreate',
'HeapSize',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'ReadFile',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'MultiByteToWideChar',
'GetCPInfo',
'GetStartupInfoA',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'SetEndOfFile',
'HeapReAlloc',
'HeapAlloc',
'GetCommandLineA',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'ExitProcess',
'HeapFree',
'EndDeferWindowPos',
'LoadImageA',
'UpdateWindow',
'MessageBoxA',
'LoadStringA',
'GetWindowRect',
'ShowWindow',
'DeferWindowPos',
'GetClientRect',
'GetSystemMetrics',
'SetWindowPos',
'SendMessageA',
'CopyRect',
'GetParent',
'CheckDlgButton',
'SetDlgItemTextA',
'GetDlgItem',
'EnableWindow',
'EndDialog',
'IsDlgButtonChecked',
'LoadBitmapA',
'EnumWindows',
'DialogBoxParamA',
'GetWindowInfo',
'ExitWindowsEx',
'CreateWindowExA',
'OffsetRect',
'GetDesktopWindow',
'BeginDeferWindowPos',
'GetWindowThreadProcessId',
'OpenSCManagerA',
'OpenServiceA',
'ControlService',
'QueryServiceStatus',
'DeleteService',
'CloseServiceHandle',
'ImpersonateSelf',
'OpenThreadToken',
'AllocateAndInitializeSid',
'InitializeSecurityDescriptor',
'GetLengthSid',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'SetSecurityDescriptorGroup',
'SetSecurityDescriptorOwner',
'IsValidSecurityDescriptor',
'AccessCheck',
'RevertToSelf',
'FreeSid',
'RegDeleteValueA',
'RegEnumValueA',
'RegEnumKeyExA',
'RegQueryInfoKeyA',
'RegDeleteKeyA',
'LookupPrivilegeValueA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'RegSetValueExA',
'GetUserNameA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'SHGetSpecialFolderPathA',
'SHGetFolderPathA',
'CoUninitialize',
'CoCreateInstance',
'CoInitialize',
'CoSetProxyBlanket',
'SysStringLen',
'SysFreeString',
'SysAllocStringLen'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 220,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 318140,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 55808,
'.rsrc\x00\x00\x00': 318464,
'.text\x00\x00\x00': 141824},
'StackReserveSize': 1048576,
'filename': './data/malware/3e1b7db89d3cc871443a8d09b54554fd19b2fcc67d8b32e767348284ec2df4e4'},
'3e814b46804787fc22a09b5915ebffa456317b7425df9eaaaea727fab2e85b01': {'AddressOfEntryPoint': 5904,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 0,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'VirtualQuery',
'msvcrt.dll': 'vfprintf'},
'ImportedFunctions': ['DeleteCriticalSection',
'EnterCriticalSection',
'FreeLibrary',
'GetCurrentProcess',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetLastError',
'GetModuleHandleA',
'GetProcAddress',
'GetStartupInfoA',
'GetSystemTimeAsFileTime',
'GetTickCount',
'InitializeCriticalSection',
'LeaveCriticalSection',
'LoadLibraryA',
'QueryPerformanceCounter',
'RtlAddFunctionTable',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'Sleep',
'TerminateProcess',
'TlsGetValue',
'UnhandledExceptionFilter',
'VirtualProtect',
'VirtualQuery',
'__dllonexit',
'__getmainargs',
'__initenv',
'__iob_func',
'__lconv_init',
'__set_app_type',
'__setusermatherr',
'_acmdln',
'_amsg_exit',
'_cexit',
'_fmode',
'_initterm',
'_lock',
'_onexit',
'_unlock',
'_vsnprintf',
'abort',
'calloc',
'exit',
'fclose',
'fopen',
'fprintf',
'fread',
'free',
'fseek',
'ftell',
'fwrite',
'getchar',
'malloc',
'memcpy',
'printf',
'puts',
'rewind',
'signal',
'sprintf',
'sscanf',
'strcmp',
'strcpy',
'strlen',
'strncmp',
'strncpy',
'strtoul',
'vfprintf'],
'LinkerVersion': 2,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 70,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.bss\x00\x00\x00\x00': 0,
'.data\x00\x00\x00': 512,
'.idata\x00\x00': 2560,
'.rdata\x00\x00': 54272,
'.text\x00\x00\x00': 70656,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 2097152,
'filename': './data/malware/3e814b46804787fc22a09b5915ebffa456317b7425df9eaaaea727fab2e85b01'},
'3ea7116346c1059548b52f43f3564672120c322f89d712902c664f6c0706d28c': {'AddressOfEntryPoint': 1381712,
'DebugRVA': 1555264,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1548288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 173972,
'SectionNames': {'.data\x00\x00\x00': 32768,
'.pdata\x00\x00': 77824,
'.rdata\x00\x00': 552960,
'.reloc\x00\x00': 77824,
'.rsrc\x00\x00\x00': 174080,
'.text\x00\x00\x00': 1540608,
'data\x00\x00\x00\x00': 2048,
'text\x00\x00\x00\x00': 3072},
'StackReserveSize': 1048576,
'filename': './data/malware/3ea7116346c1059548b52f43f3564672120c322f89d712902c664f6c0706d28c'},
'3eab2d7a09996e92d91a04b51073dddc2abc99dbe2ddc713faefb3b913ba108b': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 127992,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 128000,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/3eab2d7a09996e92d91a04b51073dddc2abc99dbe2ddc713faefb3b913ba108b'},
'3ef2ac6a6fd915f211f2c40a44c3065ce81720362fd00bdbc3bb47e003a3fba8': {'AddressOfEntryPoint': 127596,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 626688,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 120536,
'SectionNames': {'.data\x00\x00\x00': 17920,
'.pdata\x00\x00': 27136,
'.rdata\x00\x00': 87040,
'.rsrc\x00\x00\x00': 120832,
'.text\x00\x00\x00': 620544},
'StackReserveSize': 4194304,
'filename': './data/malware/3ef2ac6a6fd915f211f2c40a44c3065ce81720362fd00bdbc3bb47e003a3fba8'},
'3f09ec2b3e1a0c6ab91b596f0302e76fb741a80039db91693ac93a7b71113610': {'AddressOfEntryPoint': 2483035,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 2478872,
'ExportSize': 3152,
'IATRVA': 2491904,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExA',
'COMCTL32.dll': 'DestroyPropertySheetPage',
'GDI32.dll': 'SelectObject',
'KERNEL32.dll': 'ExitProcess',
'OLEAUT32.dll': 'VarUI4FromStr',
'SETUPAPI.dll': 'CM_Request_Device_EjectW',
'SHELL32.dll': 'SHGetDataFromIDListW',
'SHLWAPI.dll': 'PathCompactPathExW',
'USER32.dll': 'GetDC',
'VERSION.dll': 'VerQueryValueW',
'ole32.dll': 'CoTaskMemFree',
'sqlite.dll': '?execDML@CppSQLite3DB@@UEAAHPEBD@Z',
'urlmon.dll': 'URLDownloadToCacheFileW'},
'ImportedFunctions': ['SetupDiGetClassDevsW',
'SetupDiEnumDeviceInterfaces',
'SetupDiGetDeviceInterfaceDetailW',
'SetupDiDestroyDeviceInfoList',
'CM_Get_Parent',
'CM_Request_Device_EjectW',
'GetModuleHandleW',
'GetModuleFileNameW',
'FreeLibrary',
'SizeofResource',
'LoadResource',
'FindResourceW',
'LoadLibraryExW',
'lstrcmpiW',
'GetPrivateProfileStringW',
'WinExec',
'GetSystemPowerStatus',
'MapViewOfFile',
'CreateFileMappingW',
'CreateMutexW',
'ReleaseMutex',
'GetExitCodeThread',
'lstrcmpW',
'lstrcpyW',
'GetVersionExW',
'ExpandEnvironmentStringsW',
'GetLongPathNameW',
'GetShortPathNameA',
'WideCharToMultiByte',
'QueryDosDeviceW',
'GetDriveTypeW',
'GetSystemTime',
'GetFileSize',
'GetShortPathNameW',
'FindFirstFileW',
'FindNextFileW',
'FindClose',
'ExpandEnvironmentStringsA',
'SetEnvironmentVariableA',
'CompareStringW',
'CompareStringA',
'CreateFileA',
'GetDriveTypeA',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'GetLocaleInfoW',
'GetStringTypeA',
'IsValidLocale',
'EnumSystemLocalesA',
'GetLocaleInfoA',
'GetUserDefaultLCID',
'GetCommandLineW',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetConsoleMode',
'GetConsoleCP',
'GetTimeZoneInformation',
'InitializeCriticalSectionAndSpinCount',
'GetSystemDirectoryW',
'GetStartupInfoA',
'SetHandleCount',
'HeapReAlloc',
'GetCurrentDirectoryA',
'GetFileType',
'PeekNamedPipe',
'GetFileInformationByHandle',
'GetFullPathNameW',
'HeapSize',
'GetModuleFileNameA',
'GetStdHandle',
'HeapCreate',
'HeapSetInformation',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'FlsAlloc',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'GetStringTypeW',
'GetCPInfo',
'LCMapStringW',
'LCMapStringA',
'GetStartupInfoW',
'GetTimeFormatA',
'GetDateFormatA',
'GetSystemTimeAsFileTime',
'ExitProcess',
'RemoveDirectoryW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'RtlCaptureContext',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'DeleteFileW',
'RtlPcToFileHeader',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'InterlockedPopEntrySList',
'GetProcessHeap',
'HeapAlloc',
'HeapFree',
'InterlockedPushEntrySList',
'QueryPerformanceCounter',
'lstrcpynW',
'UnmapViewOfFile',
'LoadLibraryW',
'GetProcAddress',
'GetTempPathW',
'GetCurrentProcessId',
'DeviceIoControl',
'GlobalSize',
'GlobalAlloc',
'GlobalLock',
'GlobalFree',
'GlobalUnlock',
'FormatMessageW',
'SetLastError',
'GetCurrentThreadId',
'RaiseException',
'LocalFree',
'TerminateThread',
'GetDiskFreeSpaceExW',
'GlobalMemoryStatusEx',
'OpenEventW',
'SetEvent',
'Sleep',
'GetTickCount',
'WaitForMultipleObjects',
'ResetEvent',
'CreateEventW',
'GetLastError',
'WaitForSingleObject',
'FlushInstructionCache',
'GetOverlappedResult',
'DeleteCriticalSection',
'InitializeCriticalSection',
'MultiByteToWideChar',
'GetVolumeInformationW',
'CreateThread',
'SetThreadPriority',
'SetFilePointer',
'ReadFile',
'VirtualFree',
'VirtualAlloc',
'CloseHandle',
'SetFilePointerEx',
'SetEndOfFile',
'WriteFile',
'FlushFileBuffers',
'CreateFileW',
'SetFileAttributesW',
'LeaveCriticalSection',
'EnterCriticalSection',
'lstrlenA',
'OutputDebugStringW',
'DebugBreak',
'lstrlenW',
'GetCurrentProcess',
'LoadLibraryA',
'RemovePropW',
'PtInRect',
'GetScrollInfo',
'DrawFrameControl',
'DrawFocusRect',
'DrawEdge',
'UpdateWindow',
'GetScrollPos',
'GetScrollRange',
'SetScrollPos',
'SetScrollInfo',
'BeginPaint',
'EndPaint',
'ReleaseDC',
'DestroyIcon',
'SetRectEmpty',
'GetKeyState',
'GetActiveWindow',
'UnregisterClassA',
'EndDialog',
'DialogBoxParamW',
'SendMessageW',
'SetDlgItemTextW',
'GetParent',
'LoadCursorW',
'SetCursor',
'GetPropW',
'GetDlgItem',
'SetWindowPos',
'MapWindowPoints',
'GetClientRect',
'GetMonitorInfoW',
'MonitorFromWindow',
'GetWindowLongW',
'GetWindowRect',
'GetWindow',
'CharNextW',
'wvsprintfW',
'LoadStringW',
'SetWindowLongPtrW',
'SetForegroundWindow',
'ShowWindow',
'IsWindowVisible',
'SetTimer',
'KillTimer',
'GetClassInfoExW',
'RegisterClassExW',
'LoadImageW',
'SetPropW',
'GetSysColor',
'ExitWindowsEx',
'CharLowerW',
'CharUpperBuffW',
'SetParent',
'EnableMenuItem',
'CreateWindowExW',
'InvalidateRect',
'BeginDeferWindowPos',
'DeferWindowPos',
'EndDeferWindowPos',
'GetMenuItemInfoW',
'SetFocus',
'MessageBoxW',
'SendInput',
'GetSystemMetrics',
'DefWindowProcW',
'InflateRect',
'SetMenuItemInfoW',
'GetMenu',
'DrawMenuBar',
'SetWindowLongW',
'IsDialogMessageW',
'BringWindowToTop',
'MoveWindow',
'IsIconic',
'RemoveMenu',
'CheckMenuItem',
'AppendMenuW',
'ClientToScreen',
'GetDlgCtrlID',
'GetSysColorBrush',
'IsMenu',
'EnumWindows',
'PostQuitMessage',
'GetLastInputInfo',
'LoadIconW',
'GetDesktopWindow',
'CharUpperW',
'GetWindowTextLengthW',
'MessageBeep',
'ScreenToClient',
'SetMenuDefaultItem',
'MonitorFromPoint',
'GetMenuItemID',
'TrackPopupMenu',
'PostMessageW',
'DestroyWindow',
'PeekMessageW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'GetSubMenu',
'LoadMenuW',
'DestroyMenu',
'GetCursorPos',
'RegisterWindowMessageW',
'CreateDialogParamW',
'wsprintfW',
'SetRect',
'DrawTextW',
'OffsetRect',
'CopyRect',
'CallWindowProcW',
'GetWindowLongPtrW',
'IsWindow',
'SetDlgItemInt',
'IsDlgButtonChecked',
'GetDlgItemTextW',
'GetDlgItemInt',
'CheckDlgButton',
'EnableWindow',
'SetWindowTextW',
'GetDC',
'GetTextColor',
'SetBkMode',
'ExcludeClipRect',
'GetViewportOrgEx',
'SetMapMode',
'CreateSolidBrush',
'SetTextColor',
'GetTextMetricsW',
'DPtoLP',
'LPtoDP',
'SetWindowOrgEx',
'GetClipBox',
'CreateCompatibleDC',
'GetCurrentPositionEx',
'GetDeviceCaps',
'SaveDC',
'GetStockObject',
'CreateFontIndirectW',
'DeleteObject',
'GetObjectW',
'ExtTextOutW',
'SetBkColor',
'DeleteDC',
'RestoreDC',
'GetTextExtentPoint32W',
'GetTextFaceW',
'CreateCompatibleBitmap',
'CreatePen',
'BitBlt',
'SelectObject',
'RegQueryValueExA',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegDeleteKeyW',
'OpenSCManagerW',
'CreateServiceW',
'CloseServiceHandle',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'InitializeSecurityDescriptor',
'SetSecurityDescriptorDacl',
'RegOpenKeyExA',
'SHBindToParent',
'SHGetSpecialFolderPathW',
'Shell_NotifyIconW',
'SHGetFileInfoW',
'SHFileOperationW',
'SHGetSpecialFolderPathA',
'DragQueryFileW',
'DragFinish',
'ShellExecuteW',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'SHGetDataFromIDListW',
'ReleaseStgMedium',
'DoDragDrop',
'CoTaskMemRealloc',
'CoUninitialize',
'OleInitialize',
'CoCreateInstance',
'CoTaskMemAlloc',
'CoInitialize',
'CoTaskMemFree',
'VarUI4FromStr',
'?open@CppSQLite3DB@@UEAAXPEBD_N@Z',
'?isInitialized@CppSQLite3DB@@UEAA_NXZ',
'??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z',
'?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z',
'?eof@CppSQLite3Query@@UEAA_NXZ',
'?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z',
'?nextRow@CppSQLite3Query@@UEAAXXZ',
'??1CppSQLite3Query@@UEAA@XZ',
'??1CTransaction@@UEAA@XZ',
'?close@CppSQLite3DB@@UEAAXXZ',
'??1CppSQLite3Buffer@@UEAA@XZ',
'?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ',
'?lastRowId@CppSQLite3DB@@UEAA_JXZ',
'??0CppSQLite3Buffer@@QEAA@XZ',
'??0CppSQLite3DB@@QEAA@XZ',
'??1CppSQLite3DB@@UEAA@XZ',
'?execDML@CppSQLite3DB@@UEAAHPEBD@Z',
'StrFromTimeIntervalW',
'StrRetToBufW',
'PathCompactPathExW',
'ImageList_Draw',
'ImageList_GetImageInfo',
'CreatePropertySheetPageW',
'ImageList_GetIconSize',
'ImageList_GetImageCount',
'ImageList_ReplaceIcon',
'ImageList_SetImageCount',
'ImageList_SetOverlayImage',
'InitCommonControlsEx',
'ImageList_Create',
'PropertySheetW',
'DestroyPropertySheetPage',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'URLDownloadToCacheFileW',
'GetModuleHandleA',
'LoadLibraryA',
'LocalAlloc',
'LocalFree',
'GetModuleFileNameA',
'ExitProcess'],
'LinkerVersion': 9,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 403,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 617216,
'SectionNames': {'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.rsrc\x00\x00\x00': 583680,
'.text\x00\x00\x00': 0,
'.tls\x00\x00\x00\x00': 512,
'.vmp0\x00\x00\x00': 0,
'.vmp1\x00\x00\x00': 551936},
'StackReserveSize': 1048576,
'filename': './data/malware/3f09ec2b3e1a0c6ab91b596f0302e76fb741a80039db91693ac93a7b71113610'},
'3f25be90c7c84ae837e874dbc5fec5f28f3bb087746bd24e3ba11cc7ea130f2a': {'AddressOfEntryPoint': 3125568,
'DebugRVA': 6171360,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 6160384,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 753908,
'SectionNames': {'.data\x00\x00\x00': 247296,
'.pdata\x00\x00': 204800,
'.rdata\x00\x00': 1924096,
'.reloc\x00\x00': 43520,
'.rsrc\x00\x00\x00': 754176,
'.text\x00\x00\x00': 6155776,
'data\x00\x00\x00\x00': 30720,
'text\x00\x00\x00\x00': 9216},
'StackReserveSize': 1048576,
'filename': './data/malware/3f25be90c7c84ae837e874dbc5fec5f28f3bb087746bd24e3ba11cc7ea130f2a'},
'3f3132b1fd2148c34b83c49946fe472b7d81696665fd9c8008150a3053857261': {'AddressOfEntryPoint': 7792,
'DebugRVA': 45680,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'KERNEL32.dll': 'GetProcessHeap',
'WS2_32.dll': 'WSAStartup',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlTimeToTimeFields',
'RtlComputeCrc32',
'sprintf',
'RtlStringFromGUID',
'RtlInitUnicodeString',
'ZwWriteFile',
'ZwSetValueKey',
'wcstoul',
'ZwQueryVolumeInformationFile',
'RtlTimeToSecondsSince1970',
'RtlNtStatusToDosError',
'ZwCreateFile',
'LdrAccessResource',
'LdrFindResource_U',
'RtlFreeUnicodeString',
'ZwSetContextThread',
'ZwWriteVirtualMemory',
'ZwProtectVirtualMemory',
'ZwSetInformationFile',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'ZwClose',
'RtlAdjustPrivilege',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenProcess',
'ZwQuerySystemInformation',
'ZwOpenKey',
'ZwQueryValueKey',
'RtlIpv4StringToAddressExW',
'_wtoi64',
'wcschr',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'RtlEqualUnicodeString',
'ZwOpenEvent',
'ZwResumeThread',
'ZwQueryInformationFile',
'ZwCreateKey',
'LdrFindEntryForAddress',
'__chkstk',
'memcpy',
'GetVersion',
'GetLastError',
'BindIoCompletionCallback',
'GetSystemDefaultLangID',
'HeapAlloc',
'GetSystemTimeAsFileTime',
'Sleep',
'GetCommandLineW',
'LoadLibraryExW',
'ExitProcess',
'VirtualFree',
'VirtualAlloc',
'GetModuleHandleW',
'HeapFree',
'GetProcessHeap',
'MD5Final',
'MD5Update',
'MD5Init',
'WSASend',
'WSARecv',
'WSAIoctl',
'bind',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 73,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2560,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 5120,
'.rsrc\x00\x00\x00': 2560,
'.text\x00\x00\x00': 40960},
'StackReserveSize': 1048576,
'filename': './data/malware/3f3132b1fd2148c34b83c49946fe472b7d81696665fd9c8008150a3053857261'},
'3f4c9f83b441cec84667f4ba1e937788b32d1d29315ab0e874df73bee2657ce2': {'AddressOfEntryPoint': 258986,
'DebugRVA': 6080,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'CloseServiceHandle',
'KERNEL32.dll': 'CreateThread',
'OLEAUT32.dll': 'SysAllocString',
'POWRPROF.dll': 'PowerDeterminePlatformRole',
'SHELL32.dll': 'CommandLineToArgvW',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'GetSystemMetrics',
'WINHTTP.dll': 'WinHttpOpen',
'msvcrt.dll': 'wcsstr',
'ntdll.dll': 'RtlAllocateHeap',
'ole32.dll': 'StringFromGUID2',
'tdh.dll': 'TdhGetProperty',
'wevtapi.dll': 'EvtClose'},
'ImportedFunctions': ['ProcessTrace',
'EnableTraceEx',
'TraceMessage',
'UpdateTraceW',
'ControlTraceW',
'GetTraceEnableFlags',
'CloseTrace',
'RegQueryValueExW',
'RegQueryInfoKeyW',
'GetTraceLoggerHandle',
'StopTraceW',
'StartTraceW',
'RegDeleteValueW',
'UnregisterTraceGuids',
'RegEnumValueW',
'IsValidSid',
'RegOpenKeyExW',
'GetTraceEnableLevel',
'RegEnumKeyExW',
'QueryTraceW',
'OpenTraceW',
'RegCloseKey',
'RegisterTraceGuidsW',
'RegisterEventSourceW',
'RegCreateKeyExW',
'DeregisterEventSource',
'ReportEventW',
'ConvertSidToStringSidW',
'RegSetValueExW',
'CopySid',
'GetLengthSid',
'OpenProcessToken',
'OpenSCManagerW',
'OpenServiceW',
'GetTokenInformation',
'SetNamedSecurityInfoW',
'TraceEvent',
'QueryServiceStatus',
'GetSecurityDescriptorOwner',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'GetSecurityDescriptorDacl',
'ImpersonateLoggedOnUser',
'RevertToSelf',
'RegGetValueW',
'CloseServiceHandle',
'FindNextFileW',
'GetFileAttributesExW',
'CloseHandle',
'DeleteFileW',
'GetSystemTime',
'SetFileAttributesW',
'GetActiveProcessorCount',
'GetSystemDefaultUILanguage',
'FreeLibrary',
'GetSystemDefaultLCID',
'GetUserGeoID',
'LoadLibraryW',
'GetLogicalProcessorInformationEx',
'GetProcAddress',
'GlobalMemoryStatusEx',
'GetProductInfo',
'GetSystemInfo',
'LocalFree',
'DeleteCriticalSection',
'CreateEventW',
'ResetEvent',
'EnterCriticalSection',
'HeapSetInformation',
'ReadFile',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'SetEvent',
'CreateFileMappingW',
'ReleaseMutex',
'GetThreadPriority',
'WaitForMultipleObjects',
'LockResource',
'GlobalFree',
'SetLastError',
'GetLongPathNameW',
'GetFileSizeEx',
'GetTempPathW',
'GetFileAttributesW',
'VirtualAlloc',
'DuplicateHandle',
'VirtualFree',
'UnmapViewOfFile',
'MapViewOfFile',
'GetFileSize',
'ExpandEnvironmentStringsW',
'LocalAlloc',
'Sleep',
'GetStartupInfoW',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SizeofResource',
'CreateDirectoryW',
'SetFilePointerEx',
'LoadLibraryExW',
'LoadResource',
'lstrlenW',
'GetModuleFileNameW',
'GetSystemDirectoryW',
'GetEnvironmentVariableW',
'GetLocalTime',
'FindClose',
'GetLastError',
'SetThreadPriority',
'CreateFileW',
'GetExitCodeProcess',
'GetVersionExW',
'WriteFile',
'GetCurrentThread',
'GetTickCount',
'GetModuleHandleW',
'WaitForSingleObject',
'CompareFileTime',
'MoveFileExW',
'SystemTimeToFileTime',
'CreateProcessW',
'FindFirstFileW',
'CreateMutexW',
'GetCommandLineW',
'FreeLibraryAndExitThread',
'FindResourceW',
'FreeResource',
'GetTempFileNameW',
'FileTimeToDosDateTime',
'CreateThread',
'LoadStringW',
'MsgWaitForMultipleObjects',
'TranslateMessage',
'PeekMessageW',
'DispatchMessageW',
'GetSystemMetrics',
'memmove',
'ceilf',
'memcpy',
'memset',
'_vsnwprintf',
'towupper',
'wcschr',
'malloc',
'wcstok_s',
'_purecall',
'?terminate@@YAXXZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'free',
'_callnewh',
'_wcsicmp',
'__CxxFrameHandler3',
'_wcsnicmp',
'_vsnprintf',
'realloc',
'wcstoul',
'wcsrchr',
'wcsstr',
'StrToIntExW',
'StrStrIW',
'PathFindFileNameW',
'PathCombineW',
'PathAppendW',
'PathRemoveExtensionW',
'PathFileExistsW',
'TdhGetPropertySize',
'TdhGetProperty',
'CoCreateGuid',
'StringFromGUID2',
'SHGetFolderPathW',
'SHGetFolderPathAndSubDirW',
'CommandLineToArgvW',
'WinHttpGetIEProxyConfigForCurrentUser',
'WinHttpSendRequest',
'WinHttpWriteData',
'WinHttpConnect',
'WinHttpCloseHandle',
'WinHttpReadData',
'WinHttpSetStatusCallback',
'WinHttpCrackUrl',
'WinHttpGetProxyForUrl',
'WinHttpOpenRequest',
'WinHttpReceiveResponse',
'WinHttpSetTimeouts',
'WinHttpGetDefaultProxyConfiguration',
'WinHttpSetCredentials',
'WinHttpQueryHeaders',
'WinHttpSetOption',
'WinHttpOpen',
'EvtNext',
'EvtQuery',
'EvtRender',
'EvtCreateRenderContext',
'EvtClose',
'PowerDeterminePlatformRole',
'NtQuerySystemTime',
'RtlFreeHeap',
'RtlAllocateHeap',
'SysFreeString',
'SysAllocString'],
'LinkerVersion': 9,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 225,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 29616,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 6144,
'.reloc\x00\x00': 28672,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 254976,
'ajduvis\x00': 0},
'StackReserveSize': 524288,
'filename': './data/malware/3f4c9f83b441cec84667f4ba1e937788b32d1d29315ab0e874df73bee2657ce2'},
'3f65fc632a0189985f0818a04853cb775ee86b280dc9ae2edf56a6d576dde59b': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 393004,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 393216,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/3f65fc632a0189985f0818a04853cb775ee86b280dc9ae2edf56a6d576dde59b'},
'3f842bd4ef9728e19a5f16177ecd9b351f9f55105cff731c86ec99693e67fd8e': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 253156,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 253440,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/3f842bd4ef9728e19a5f16177ecd9b351f9f55105cff731c86ec99693e67fd8e'},
'3f871160d4ddc76584e793ec3f40f1deb83a2f7b5616e2306f720e5b4dbc1f91': {'AddressOfEntryPoint': 35804,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'KERNEL32.dll': 'WideCharToMultiByte',
'PSAPI.DLL': 'EnumProcessModules',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['GetModuleBaseNameW',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'GetStringTypeW',
'GetModuleFileNameW',
'CreateFileW',
'GetLastError',
'Sleep',
'GetCurrentProcess',
'SetPriorityClass',
'CreateThread',
'SetThreadPriority',
'CloseHandle',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetExitCodeProcess',
'TerminateProcess',
'MultiByteToWideChar',
'LCMapStringW',
'OpenProcess',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'MessageBoxA',
'LookupPrivilegeValueW',
'OpenProcessToken',
'AdjustTokenPrivileges'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 75,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 59904},
'StackReserveSize': 1048576,
'filename': './data/malware/3f871160d4ddc76584e793ec3f40f1deb83a2f7b5616e2306f720e5b4dbc1f91'},
'3fa426d290f3e54baa17d1b867e5edc9e83d9d7b8aa38247dbad72d8f87e06ec': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1706368,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1625088,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/3fa426d290f3e54baa17d1b867e5edc9e83d9d7b8aa38247dbad72d8f87e06ec'},
'3fca9fe19d2fe89cb9391ffe22b869cb8cf652734b4a988ee2a51557616abc25': {'AddressOfEntryPoint': 1073811933,
'DebugRVA': 5056,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'GetCurrentThreadId',
'SETUPAPI.dll': 'SetupDiGetDriverInfoDetailW',
'USER32.dll': 'LoadStringW',
'msvcrt.dll': 'fputws'},
'ImportedFunctions': ['__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_initterm',
'__wgetmainargs',
'__winitenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'memset',
'wprintf',
'wcsrchr',
'_wcsicmp',
'_wcsnicmp',
'iswalpha',
'towupper',
'towlower',
'wcschr',
'??2@YAPEAX_K@Z',
'??3@YAXPEAX@Z',
'_iob',
'fputs',
'fputws',
'CloseServiceHandle',
'RegDeleteValueW',
'RegCloseKey',
'RegQueryValueExW',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'OpenServiceW',
'OpenSCManagerW',
'RegSetValueExW',
'QueryPerformanceCounter',
'GetFullPathNameW',
'GetFileAttributesW',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'lstrcpynW',
'GetTickCount',
'GetDateFormatW',
'lstrcpyW',
'lstrlenW',
'GetLastError',
'GetCurrentProcess',
'CloseHandle',
'FormatMessageW',
'LocalFree',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'FileTimeToSystemTime',
'GetCurrentThreadId',
'SetupDiOpenDevRegKey',
'SetupDiEnumDriverInfoW',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsW',
'SetupDiGetDeviceInstallParamsW',
'SetupCloseFileQueue',
'SetupScanFileQueueW',
'SetupDiCallClassInstaller',
'SetupOpenFileQueue',
'SetupDiSetSelectedDriverW',
'SetupDiGetDriverInstallParamsW',
'SetupDiOpenClassRegKeyExW',
'SetupDiGetClassDescriptionExW',
'SetupDiClassNameFromGuidExW',
'SetupDiBuildClassInfoListExW',
'SetupDiSetClassInstallParamsW',
'SetupDiSetDeviceRegistryPropertyW',
'SetupDiCreateDeviceInfoW',
'SetupDiCreateDeviceInfoList',
'SetupDiGetINFClassW',
'SetupDiDestroyDriverInfoList',
'CM_Disconnect_Machine',
'CM_Reenumerate_DevNode_Ex',
'CM_Locate_DevNode_ExW',
'CM_Connect_MachineW',
'CM_Get_First_Log_Conf_Ex',
'CM_Free_Log_Conf_Handle',
'CM_Get_Next_Res_Des_Ex',
'CM_Free_Res_Des_Handle',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiDestroyDeviceInfoList',
'CM_Get_Device_ID_ExW',
'SetupDiEnumDeviceInfo',
'SetupDiGetDeviceInfoListDetailW',
'SetupDiOpenDeviceInfoW',
'SetupDiGetClassDevsExW',
'SetupDiCreateDeviceInfoListExW',
'SetupDiClassGuidsFromNameExW',
'CM_Get_DevNode_Status_Ex',
'CM_Get_Res_Des_Data_Ex',
'CM_Get_Res_Des_Data_Size_Ex',
'SetupDiGetDriverInfoDetailW',
'ExitWindowsEx',
'CharPrevW',
'CharNextW',
'LoadStringW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 109,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 33608,
'StackReserveSize': 524288,
'filename': './data/malware/3fca9fe19d2fe89cb9391ffe22b869cb8cf652734b4a988ee2a51557616abc25'},
'3fdc969d7c30c622caedab1d646735d5274e8aa8ba7355c39d04a24f7a2e7bc8': {'AddressOfEntryPoint': 125112,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 598016,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'LogonUserW',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetBkMode',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocDescriptorEx',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'DestroyWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'VerQueryValueW',
'WININET.dll': 'InternetReadFile',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['WSACleanup',
'ntohs',
'recvfrom',
'sendto',
'htons',
'ioctlsocket',
'listen',
'bind',
'WSAStartup',
'closesocket',
'connect',
'socket',
'send',
'WSAGetLastError',
'select',
'accept',
'__WSAFDIsSet',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetSetOptionW',
'InternetCloseHandle',
'InternetOpenUrlW',
'InternetConnectW',
'FtpOpenFileW',
'HttpQueryInfoW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpGetFileSize',
'InternetCrackUrlW',
'InternetOpenW',
'InternetReadFile',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'UnloadUserProfile',
'DestroyEnvironmentBlock',
'CreateEnvironmentBlock',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'GetVersionExW',
'GetSystemInfo',
'GetModuleHandleW',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'GetProcessHeap',
'CreatePipe',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'RaiseException',
'RtlPcToFileHeader',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetModuleFileNameA',
'RtlUnwindEx',
'InitializeCriticalSectionAndSpinCount',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'FlushFileBuffers',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'LCMapStringA',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'CompareStringA',
'GetStdHandle',
'SetEnvironmentVariableA',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'GetClipboardData',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'IsCharUpperW',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'GetDC',
'SystemParametersInfoW',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'EndPaint',
'BeginPaint',
'GetMenu',
'GetClientRect',
'CopyRect',
'CharUpperBuffW',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'SendMessageTimeoutW',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'EnumChildWindows',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'IsCharLowerW',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursor',
'WindowFromPoint',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'EnumThreadWindows',
'ReleaseDC',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'FindWindowW',
'CloseClipboard',
'DestroyWindow',
'RoundRect',
'DeleteObject',
'CreateCompatibleDC',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CreateDIBSection',
'SelectObject',
'BitBlt',
'GetDIBits',
'DeleteDC',
'CloseFigure',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'SetBkMode',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'SetSecurityDescriptorDacl',
'AddAce',
'GetAce',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'GetAclInformation',
'CopySid',
'GetTokenInformation',
'GetSecurityDescriptorDacl',
'LogonUserW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'SafeArrayAllocData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'SafeArrayUnaccessData',
'SafeArrayGetVartype',
'OleLoadPicture',
'SysAllocString',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'VarR8FromDec',
'SafeArrayAllocDescriptorEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 506,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 29688,
'SectionNames': {'.data\x00\x00\x00': 17408,
'.pdata\x00\x00': 25600,
'.rdata\x00\x00': 86528,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 590848},
'StackReserveSize': 4194304,
'filename': './data/malware/3fdc969d7c30c622caedab1d646735d5274e8aa8ba7355c39d04a24f7a2e7bc8'},
'3fe4e7a0a80e574fcde544d9c8074b0cdd90b08f6451f566e61ac70cfe201fc5': {'AddressOfEntryPoint': 208222,
'DebugRVA': 210240,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 208896,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'KERNEL32.dll': 'GetSystemTimeAsFileTime',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'OemToCharBuffA'},
'ImportedFunctions': ['CloseHandle',
'GetCurrentProcess',
'SetFileTime',
'MoveFileW',
'FlushFileBuffers',
'SetFilePointer',
'SetEndOfFile',
'GetFileType',
'CreateFileA',
'CreateFileW',
'ReadFile',
'SetLastError',
'WriteFile',
'GetDriveTypeA',
'GetDiskFreeSpaceA',
'GetProcAddress',
'GetModuleHandleW',
'GetFileAttributesA',
'GetFileAttributesW',
'SetFileAttributesA',
'SetFileAttributesW',
'MoveFileA',
'DeleteFileA',
'DeleteFileW',
'DeviceIoControl',
'CreateDirectoryA',
'CreateDirectoryW',
'ExpandEnvironmentStringsW',
'ExpandEnvironmentStringsA',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FormatMessageW',
'GetVersionExW',
'GetFullPathNameA',
'GetModuleFileNameA',
'GetModuleFileNameW',
'MultiByteToWideChar',
'SetErrorMode',
'FreeLibrary',
'LoadLibraryW',
'LoadLibraryExW',
'CompareStringA',
'SetThreadPriority',
'GetCurrentThread',
'SetPriorityClass',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetSystemTime',
'WideCharToMultiByte',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'SetEnvironmentVariableA',
'GetLocaleInfoA',
'LocalFree',
'SetConsoleCtrlHandler',
'Sleep',
'GetLastError',
'GetCurrentDirectoryW',
'GetStdHandle',
'GetConsoleMode',
'SetConsoleMode',
'ReadConsoleW',
'FindFirstFileW',
'GetCommandLineW',
'GetStringTypeW',
'GetStringTypeA',
'GetConsoleCP',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'ExitProcess',
'GetCommandLineA',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetCurrentThreadId',
'FlsAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'LCMapStringA',
'LCMapStringW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'CharLowerW',
'ExitWindowsEx',
'CharUpperA',
'CharLowerA',
'LoadStringW',
'CharUpperW',
'CharToOemBuffW',
'CharToOemA',
'OemToCharA',
'OemToCharBuffA',
'RegQueryValueExW',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'SetFileSecurityW',
'SetFileSecurityA',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'RegOpenKeyExW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHGetSpecialFolderLocation',
'SHGetPathFromIDListA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 145,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 44092,
'SectionNames': {'.data\x00\x00\x00': 7680,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 29184,
'.reloc\x00\x00': 29696,
'.rsrc\x00\x00\x00': 44544,
'.text\x00\x00\x00': 204288},
'StackReserveSize': 1048576,
'filename': './data/malware/3fe4e7a0a80e574fcde544d9c8074b0cdd90b08f6451f566e61ac70cfe201fc5'},
'40036495b493e07d34b22e6833b063d5edb882f8f61c635b1c6064334d0d76f3': {'AddressOfEntryPoint': 84396,
'DebugRVA': 103552,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 102400,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'ConvertStringSecurityDescriptorToSecurityDescriptorA',
'KERNEL32.dll': 'GetCommandLineA',
'MSVCP90.dll': '?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'MSVCR90.dll': 'memcpy',
'SHELL32.dll': 'SHGetFileInfoW',
'USER32.dll': 'GetMessageA'},
'ImportedFunctions': ['WriteFile',
'OpenProcess',
'CreateEventA',
'ReadFile',
'GetOverlappedResult',
'DisconnectNamedPipe',
'FlushFileBuffers',
'GetLastError',
'CreateNamedPipeA',
'ResetEvent',
'ConnectNamedPipe',
'WaitForMultipleObjects',
'CloseHandle',
'LocalFree',
'FreeLibrary',
'WideCharToMultiByte',
'CreateFileW',
'GetProcAddress',
'LoadLibraryA',
'GetCurrentProcessId',
'PeekNamedPipe',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetStartupInfoW',
'GetCurrentThread',
'GetCurrentProcess',
'GetVersionExA',
'CreateSemaphoreA',
'TlsAlloc',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TlsSetValue',
'LocalAlloc',
'TlsGetValue',
'EnterCriticalSection',
'TlsFree',
'DeleteCriticalSection',
'MultiByteToWideChar',
'ReleaseSemaphore',
'CreateSemaphoreW',
'WaitForSingleObject',
'Sleep',
'SwitchToThread',
'CreateThread',
'GetCommandLineA',
'TranslateMessage',
'DispatchMessageA',
'GetMessageA',
'SHGetFileInfoW',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z',
'??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ',
'?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z',
'?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z',
'?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'_lock',
'_onexit',
'_decode_pointer',
'_amsg_exit',
'__wgetmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_encode_pointer',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'strtok_s',
'_wsplitpath_s',
'malloc',
'free',
'??2@YAPEAX_K@Z',
'_purecall',
'??_V@YAXPEAX@Z',
'_invalid_parameter_noinfo',
'??0exception@std@@QEAA@AEBV01@@Z',
'??0exception@std@@QEAA@AEBQEBD@Z',
'??0exception@std@@QEAA@XZ',
'??1exception@std@@UEAA@XZ',
'?what@exception@std@@UEBAPEBDXZ',
'??3@YAXPEAX@Z',
'__dllonexit',
'_unlock',
'__C_specific_handler',
'swscanf_s',
'_vsnwprintf_s',
'_wcslwr_s',
'memset',
'memcmp',
'strlen',
'wcslen',
'_strdup',
'_CxxThrowException',
'__CxxFrameHandler3',
'wcscpy_s',
'wcscat_s',
'wcstok_s',
'memcpy',
'ConvertSidToStringSidA',
'GetTokenInformation',
'OpenProcessToken',
'OpenThreadToken',
'ConvertStringSecurityDescriptorToSecurityDescriptorA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 129,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 688,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 30208,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 94720},
'StackReserveSize': 1048576,
'filename': './data/malware/40036495b493e07d34b22e6833b063d5edb882f8f61c635b1c6064334d0d76f3'},
'400dd28d8c2fb176cf12e8093eb344a6997f15e7d333f2abbafe4b56cb47afbe': {'AddressOfEntryPoint': 114808,
'DebugRVA': 6352,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMCTL32.dll': 'InitCommonControlsEx',
'CRYPT32.dll': 'CertVerifyCertificateChainPolicy',
'GDI32.dll': 'CreateFontIndirectW',
'KERNEL32.dll': 'GetModuleFileNameW',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'SHCreateDirectoryExW',
'SHLWAPI.dll': 'SHSetValueW',
'USER32.dll': 'LoadStringW',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoW',
'WINTRUST.dll': 'WTHelperProvDataFromStateData',
'msvcrt.dll': '__getmainargs',
'ntdll.dll': 'RtlCaptureContext',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['RegDeleteKeyW',
'RegEnumValueW',
'RegOpenKeyExW',
'RegCloseKey',
'CloseServiceHandle',
'OpenSCManagerW',
'OpenServiceW',
'QueryServiceStatusEx',
'OpenProcessToken',
'DuplicateTokenEx',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'GetTempFileNameW',
'FindFirstFileW',
'FindResourceExW',
'SetEnvironmentVariableW',
'CreateDirectoryW',
'InitializeCriticalSectionAndSpinCount',
'GetVersionExW',
'MoveFileW',
'FindClose',
'RemoveDirectoryW',
'FindNextFileW',
'GetUserDefaultUILanguage',
'GetWindowsDirectoryW',
'DeleteFileW',
'WaitForSingleObject',
'SetEvent',
'GetTickCount',
'InitializeCriticalSection',
'GetSystemDirectoryW',
'Sleep',
'FormatMessageW',
'GetExitCodeProcess',
'CreateEventW',
'WaitForMultipleObjects',
'CreateThread',
'lstrcmpiW',
'FreeLibrary',
'GetCurrentProcess',
'CreateProcessW',
'OpenProcess',
'LoadLibraryW',
'GetProcAddress',
'SetFilePointer',
'WriteFile',
'CreateFileW',
'FlushFileBuffers',
'SetLastError',
'GetLocalTime',
'MoveFileExW',
'GetTempPathW',
'SetProcessShutdownParameters',
'SetFileAttributesW',
'EnumResourceNamesW',
'LocalAlloc',
'GetLocaleInfoW',
'SizeofResource',
'EnumUILanguagesW',
'LockResource',
'EnumResourceLanguagesW',
'MulDiv',
'RaiseException',
'GetSystemDefaultLangID',
'GetUserDefaultLangID',
'GetCurrentDirectoryW',
'GetSystemInfo',
'ExpandEnvironmentStringsW',
'LocalFree',
'CloseHandle',
'GetModuleHandleW',
'DeleteCriticalSection',
'GetCommandLineW',
'CreateMutexW',
'GlobalMemoryStatusEx',
'FindResourceW',
'ResumeThread',
'CreateFileMappingW',
'IsWow64Process',
'MapViewOfFile',
'UnhandledExceptionFilter',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'OutputDebugStringA',
'GetStartupInfoW',
'GetEnvironmentVariableW',
'lstrlenA',
'lstrcmpiA',
'lstrlenW',
'WideCharToMultiByte',
'GetVersionExA',
'GetLastError',
'LoadResource',
'EnterCriticalSection',
'OutputDebugStringW',
'LeaveCriticalSection',
'TerminateProcess',
'GetModuleFileNameW',
'GetDeviceCaps',
'GetObjectW',
'SetTextColor',
'CreateFontIndirectW',
'SetDlgItemTextW',
'GetSysColorBrush',
'ShowWindow',
'SendDlgItemMessageW',
'EndDialog',
'GetDlgItem',
'LoadIconW',
'IsDialogMessageW',
'TranslateMessage',
'KillTimer',
'PostMessageW',
'LoadImageW',
'PostQuitMessage',
'GetMessageW',
'SetTimer',
'DestroyWindow',
'GetWindowThreadProcessId',
'CopyRect',
'SetWindowPos',
'GetDesktopWindow',
'SystemParametersInfoW',
'BringWindowToTop',
'OffsetRect',
'SetForegroundWindow',
'GetWindowRect',
'CharToOemW',
'ExitWindowsEx',
'ReleaseDC',
'GetDC',
'CreateDialogParamW',
'SendMessageW',
'UpdateWindow',
'GetDlgCtrlID',
'UnregisterClassA',
'DispatchMessageW',
'CharNextW',
'FindWindowW',
'LoadStringW',
'_XcptFilter',
'_fileno',
'_read',
'__pioinfo',
'__badioinfo',
'wcstombs',
'iswctype',
'ferror',
'wctomb',
'_itoa',
'_snprintf',
'_iob',
'localeconv',
'isxdigit',
'calloc',
'malloc',
'__C_specific_handler',
'memset',
'free',
'_exit',
'_errno',
'_wcsicmp',
'_ismbblead',
'_cexit',
'exit',
'_acmdln',
'??2@YAPEAX_K@Z',
'_vsnwprintf',
'??_V@YAXPEAX@Z',
'??_U@YAPEAX_K@Z',
'iswdigit',
'_wtol',
'iswalpha',
'_wcsnicmp',
'wcschr',
'??3@YAXPEAX@Z',
'isleadbyte',
'__mb_cur_max',
'mbtowc',
'isdigit',
'_initterm',
'ungetc',
'?terminate@@YAXXZ',
'_isatty',
'_write',
'_lseeki64',
'??1type_info@@UEAA@XZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'realloc',
'_CxxThrowException',
'memcpy',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'__getmainargs',
'InitCommonControlsEx',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'CoInitializeEx',
'CoCreateInstance',
'CoSetProxyBlanket',
'CLSIDFromString',
'CoTaskMemFree',
'CoUninitialize',
'SysAllocString',
'SysStringLen',
'VariantClear',
'VariantInit',
'SysReAllocString',
'SysAllocStringLen',
'SysStringByteLen',
'SysFreeString',
'SHGetFolderPathW',
'CommandLineToArgvW',
'SHCreateDirectoryExW',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'GetFileVersionInfoW',
'PathIsRelativeW',
'SHDeleteKeyW',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'PathRemoveExtensionW',
'PathFindFileNameW',
'PathFileExistsW',
'PathFindExtensionW',
'SHRegSetUSValueW',
'SHGetValueW',
'PathStripPathW',
'StrChrW',
'SHRegGetUSValueW',
'SHRegGetValueW',
'PathIsFileSpecW',
'StrCmpNIW',
'SHSetValueW',
'IsThemeActive',
'CertVerifyCertificateChainPolicy',
'WTHelperGetProvSignerFromChain',
'WinVerifyTrust',
'WTHelperProvDataFromStateData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 249,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 36724520,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 36724736,
'.text\x00\x00\x00': 141824},
'StackReserveSize': 524288,
'filename': './data/malware/400dd28d8c2fb176cf12e8093eb344a6997f15e7d333f2abbafe4b56cb47afbe'},
'40209dd150e8c1ddeb618dd1b4520bc2eb76b1c7c77d59860aad859d29dcdfe1': {'AddressOfEntryPoint': 250944,
'DebugRVA': 262944,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 262144,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '_purecall'},
'ImportedFunctions': ['ObfDereferenceObject',
'IoGetDeviceObjectPointer',
'RtlInitUnicodeString',
'IoStartNextPacket',
'PoUnregisterSystemState',
'PoRegisterSystemState',
'IoReleaseRemoveLockEx',
'IofCompleteRequest',
'PoStartNextPowerIrp',
'IoAcquireRemoveLockEx',
'IofCallDriver',
'IoReleaseRemoveLockAndWaitEx',
'PoSetPowerState',
'PoCallDriver',
'IoCancelIrp',
'IoReleaseCancelSpinLock',
'IoFreeIrp',
'IoRegisterShutdownNotification',
'RtlQueryRegistryValues',
'RtlCreateRegistryKey',
'RtlCheckRegistryKey',
'KeInitializeEvent',
'KeInitializeMutex',
'KeReleaseMutex',
'KeReleaseSpinLock',
'KeClearEvent',
'KeAcquireSpinLockRaiseToDpc',
'KeWaitForSingleObject',
'KeSetEvent',
'IoBuildSynchronousFsdRequest',
'IoInitializeIrp',
'IoFreeWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoAllocateWorkItem',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ObReferenceObjectByHandle',
'ExEventObjectType',
'IoDetachDevice',
'IoAttachDeviceToDeviceStack',
'wcsstr',
'IoRegisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'KeSynchronizeExecution',
'KeInitializeDpc',
'KeInsertQueueDpc',
'ExFreePoolWithTag',
'__C_specific_handler',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'PoRequestPowerIrp',
'swprintf',
'ZwCreateSection',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'IoCreateNotificationEvent',
'ExQueueWorkItem',
'KeSetTimer',
'KeCancelTimer',
'KeInitializeTimer',
'KeSetTimerEx',
'KeDelayExecutionThread',
'IoBuildDeviceIoControlRequest',
'RtlCopyUnicodeString',
'ExAllocatePoolWithTag',
'RtlIntegerToUnicodeString',
'RtlFreeUnicodeString',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlAppendUnicodeStringToString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCreateDevice',
'RtlWriteRegistryValue',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'sprintf',
'KeQueryTimeIncrement',
'IoUnregisterPlugPlayNotification',
'_purecall',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 95,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 928,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 13824,
'.rdata\x00\x00': 33792,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 254976,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/40209dd150e8c1ddeb618dd1b4520bc2eb76b1c7c77d59860aad859d29dcdfe1'},
'40377c131bbeeddc46eb0f025f77b4693be80aa271cb0978a392f5b31532ed6c': {'AddressOfEntryPoint': 1073765489,
'DebugRVA': 29408,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'LCMapStringA',
'USER32.dll': 'DispatchMessageW'},
'ImportedFunctions': ['MapViewOfFile',
'UnmapViewOfFile',
'OutputDebugStringW',
'GetModuleHandleW',
'Sleep',
'OpenFileMappingW',
'CloseHandle',
'CreateThread',
'HeapReAlloc',
'HeapAlloc',
'GetStringTypeW',
'GetStringTypeA',
'LCMapStringW',
'MultiByteToWideChar',
'GetCommandLineA',
'GetStartupInfoA',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetProcAddress',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetLastError',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapFree',
'HeapSize',
'GetLocaleInfoA',
'LCMapStringA',
'GetMessageW',
'PostQuitMessage',
'UnregisterClassW',
'LoadCursorW',
'CallNextHookEx',
'FindWindowW',
'TranslateMessage',
'RegisterClassExW',
'CreateWindowExW',
'SetWindowsHookExW',
'UnhookWindowsHookEx',
'DefWindowProcW',
'DispatchMessageW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 78,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1168,
'SectionNames': {'-v\x00\x00oc\x00\x00': 1024,
'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 9216,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 24064},
'StackReserveSize': 1048576,
'filename': './data/malware/40377c131bbeeddc46eb0f025f77b4693be80aa271cb0978a392f5b31532ed6c'},
'409ac4598eb81fc8270e64d97c76e506d79ad88cecdd2ca0c528f17d51082741': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 44160,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 44544,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/409ac4598eb81fc8270e64d97c76e506d79ad88cecdd2ca0c528f17d51082741'},
'410eb3166bb6e806652cd945b62db9024090958f82e18b714646999b0559ed8b': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3492,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/410eb3166bb6e806652cd945b62db9024090958f82e18b714646999b0559ed8b'},
'411ce28a7260f2a9ad989f46dba2bd5c5cdc666c306af899f652a1de2b7c54f4': {'AddressOfEntryPoint': 1074123857,
'DebugRVA': 78624,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 77824,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'KERNEL32.dll': 'CreateFileA'},
'ImportedFunctions': ['OpenMutexW',
'CreateMutexW',
'CloseHandle',
'WaitForSingleObject',
'ReleaseMutex',
'GetModuleFileNameW',
'GetLocalTime',
'SetFilePointer',
'CreateFileW',
'GetProcAddress',
'LoadLibraryExW',
'GetLastError',
'WriteFile',
'FreeLibrary',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetModuleHandleA',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'ExitProcess',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'MultiByteToWideChar',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'Sleep',
'HeapSize',
'WideCharToMultiByte',
'GetConsoleCP',
'GetConsoleMode',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LoadLibraryA',
'InitializeCriticalSection',
'HeapReAlloc',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'RtlVirtualUnwind',
'FlushFileBuffers',
'CreateFileA',
'RegQueryValueExW',
'RegOpenKeyExW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 84,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 300772,
'StackReserveSize': 1048576,
'filename': './data/malware/411ce28a7260f2a9ad989f46dba2bd5c5cdc666c306af899f652a1de2b7c54f4'},
'41754660e199e9027afaf46edf0de3f8be91a19536a27ad4cd08c41f5f213793': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 173004,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 173056,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/41754660e199e9027afaf46edf0de3f8be91a19536a27ad4cd08c41f5f213793'},
'41a01196b9d71cf32e34a643924261b9b0d5ed2fb4f4147cd83e31e4e23dae74': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 32880,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 33280,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/41a01196b9d71cf32e34a643924261b9b0d5ed2fb4f4147cd83e31e4e23dae74'},
'41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241': {'AddressOfEntryPoint': 23584,
'DebugRVA': 29456,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'FlsSetValue',
'PSAPI.DLL': 'EnumProcesses',
'SHELL32.dll': 'SHGetSpecialFolderPathW',
'SHLWAPI.dll': 'wnsprintfW',
'WININET.dll': 'InternetSetOptionW',
'ntdll.dll': 'RtlVirtualUnwind'},
'ImportedFunctions': ['PathAddBackslashW',
'StrCatW',
'wnsprintfW',
'InternetOpenW',
'InternetOpenUrlW',
'InternetReadFile',
'InternetCloseHandle',
'InternetSetOptionW',
'GetModuleFileNameExA',
'EnumProcesses',
'ShellExecuteExW',
'SHGetSpecialFolderPathW',
'InitializeCriticalSectionAndSpinCount',
'LoadLibraryA',
'GetModuleFileNameA',
'GetStdHandle',
'HeapAlloc',
'GetLocaleInfoA',
'HeapFree',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetStringTypeW',
'GetStringTypeA',
'LCMapStringW',
'MultiByteToWideChar',
'GetTickCount',
'CopyFileW',
'GetModuleFileNameW',
'lstrlenW',
'GetTempPathW',
'lstrlenA',
'GetTempFileNameW',
'SetFilePointer',
'WriteFile',
'CloseHandle',
'Sleep',
'GetCurrentProcess',
'WaitForSingleObject',
'GetModuleHandleW',
'CreateRemoteThread',
'OpenProcess',
'VirtualFreeEx',
'TerminateProcess',
'GetLastError',
'SetLastError',
'lstrcmpiA',
'GetProcAddress',
'VirtualAllocEx',
'LocalAlloc',
'LocalFree',
'WriteProcessMemory',
'ExitProcess',
'MoveFileExW',
'GetVersionExW',
'WideCharToMultiByte',
'LCMapStringA',
'CreateFileW',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentThreadId',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'RegCloseKey',
'RegCreateKeyW',
'GetTokenInformation',
'GetSidSubAuthorityCount',
'GetSidSubAuthority',
'OpenProcessToken',
'RegSetValueExW',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'RtlVirtualUnwind'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 80,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 16,
'SectionNames': {'.data\x00\x00\x00': 1210368,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 11264,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 20992},
'StackReserveSize': 1048576,
'filename': './data/malware/41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241'},
'420aac924ab38220b5cab5fe6eb895a82efae97eab224b79881677c1bdf9dae0': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1268848,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1269248,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/420aac924ab38220b5cab5fe6eb895a82efae97eab224b79881677c1bdf9dae0'},
'426020715f5ad14545ba39bc32577394acee42706c24a9c8e79347af2fd407d2': {'AddressOfEntryPoint': 1073795225,
'DebugRVA': 4160,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 21088,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'KERNEL32.dll': 'GetFullPathNameW',
'USER32.dll': 'GetWindowThreadProcessId',
'msvcrt.dll': '??2@YAPEAX_K@Z',
'ntdll.dll': 'RtlLookupFunctionEntry'},
'ImportedFunctions': ['CloseHandle',
'Sleep',
'SetCurrentDirectoryW',
'GetProcAddress',
'VerifyVersionInfoW',
'VerSetConditionMask',
'GetCurrentDirectoryW',
'HeapAlloc',
'FormatMessageW',
'LocalAlloc',
'LocalFree',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'SetLastError',
'GetLastError',
'GetModuleFileNameW',
'GetProcessHeap',
'HeapFree',
'SetEnvironmentVariableW',
'LoadLibraryExW',
'FreeLibrary',
'CreateMutexW',
'GetFullPathNameW',
'LoadStringW',
'SetForegroundWindow',
'GetWindowLongPtrW',
'EnumWindows',
'ShowWindow',
'MessageBoxW',
'GetWindowThreadProcessId',
'??3@YAXPEAX@Z',
'?terminate@@YAXXZ',
'memset',
'_commode',
'_fmode',
'_wcmdln',
'__C_specific_handler',
'_initterm',
'__setusermatherr',
'_cexit',
'_exit',
'exit',
'__set_app_type',
'__wgetmainargs',
'_amsg_exit',
'_XcptFilter',
'??2@YAPEAX_K@Z',
'RtlVirtualUnwind',
'RtlCaptureContext',
'RtlLookupFunctionEntry'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 59,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 50688,
'StackReserveSize': 524288,
'filename': './data/malware/426020715f5ad14545ba39bc32577394acee42706c24a9c8e79347af2fd407d2'},
'432a06c4bbe435c375f23e00b7f5d682fb93d31fcd082717e116dad2628eb4f2': {'AddressOfEntryPoint': 38460,
'DebugRVA': 163296,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 163840,
'ImageBase': 1255145472,
'ImageVersion': 6,
'ImportedDLL': {'ln.fol': 'mtep'},
'ImportedFunctions': ['f',
'LsflTkreadTlifn',
'agCotntdr',
'rcmd',
'g',
'NuSeuJoelrlauimmPslcdps',
'mtep'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 7,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 33872,
'SectionNames': {'.data\x00\x00\x00': 119808,
'.pdata\x00\x00': 10240,
'.rdata\x00\x00': 18944,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 34304,
'.text\x00\x00\x00': 159744},
'StackReserveSize': 1048576,
'filename': './data/malware/432a06c4bbe435c375f23e00b7f5d682fb93d31fcd082717e116dad2628eb4f2'},
'432c26e8f90d9e2135f47766a548bbcd4963a1aad8b52ade8894cc916de3af58': {'AddressOfEntryPoint': 3622800,
'DebugRVA': 3766560,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 3760128,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 2798528,
'SectionNames': {'.data\x00\x00\x00': 109568,
'.pdata\x00\x00': 154112,
'.rdata\x00\x00': 684544,
'.rsrc\x00\x00\x00': 2798592,
'.text\x00\x00\x00': 1536,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 1048576,
'filename': './data/malware/432c26e8f90d9e2135f47766a548bbcd4963a1aad8b52ade8894cc916de3af58'},
'436a5ff5a22780be7433312a6fd87b5ee1313b98edd7cebaf11a318afb19622d': {'AddressOfEntryPoint': 5008,
'DebugRVA': 4160,
'DebugSize': 28,
'Dll': 49504,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 11,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 49,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 518288,
'SectionNames': {'.data\x00\x00\x00': 512,
'.idata\x00\x00': 2048,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 518656,
'.text\x00\x00\x00': 8192},
'StackReserveSize': 524288,
'filename': './data/malware/436a5ff5a22780be7433312a6fd87b5ee1313b98edd7cebaf11a318afb19622d'},
'437185de0cd49a605245b494aa8a6305375b5f067a2d50fe2a80198271b67e7a': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 14184,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 14336,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/437185de0cd49a605245b494aa8a6305375b5f067a2d50fe2a80198271b67e7a'},
'4381e84007f5ae7d8b8faa3df667cc2d726fec8446b03f04beaff55a78cecbb3': {'AddressOfEntryPoint': 112864,
'DebugRVA': 185360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 184320,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetCurrentThreadId',
'SETUPAPI.dll': 'SetupDiGetClassDevsA'},
'ImportedFunctions': ['MoveFileExA',
'FreeLibrary',
'Sleep',
'GetFileAttributesA',
'GetSystemDirectoryA',
'GetLastError',
'GetProcAddress',
'GetTempFileNameA',
'LoadLibraryA',
'lstrlenA',
'GetCurrentProcess',
'LocalAlloc',
'LocalFree',
'FormatMessageA',
'DeleteFileA',
'GetWindowsDirectoryA',
'GetSystemInfo',
'GetVersionExA',
'InitializeCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'GetLocalTime',
'GetModuleFileNameA',
'DeleteCriticalSection',
'CopyFileA',
'CloseHandle',
'SetFileAttributesA',
'CreateFileA',
'GetModuleHandleA',
'HeapReAlloc',
'SetEndOfFile',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'FlushFileBuffers',
'HeapSize',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'LCMapStringW',
'LCMapStringA',
'SetStdHandle',
'GetStartupInfoA',
'SetHandleCount',
'GetStdHandle',
'ExitProcess',
'GetFileType',
'HeapCreate',
'HeapSetInformation',
'FlsAlloc',
'HeapFree',
'HeapAlloc',
'MultiByteToWideChar',
'ReadFile',
'SetFilePointer',
'WriteFile',
'WideCharToMultiByte',
'GetConsoleCP',
'GetConsoleMode',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'GetCommandLineA',
'GetProcessHeap',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RtlVirtualUnwind',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'SetupDiSetDriverInstallParamsA',
'SetupFindNextLine',
'SetupGetLineCountA',
'SetupOpenInfFileA',
'SetupCloseInfFile',
'SetupGetStringFieldA',
'SetupGetTargetPathA',
'SetupGetFieldCount',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiRemoveDevice',
'SetupDiEnumDeviceInfo',
'SetupFindFirstLineA',
'SetupDiGetINFClassA',
'SetupDiSetDeviceInstallParamsA',
'SetupDiBuildDriverInfoList',
'SetupDiGetSelectedDriverA',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetDriverInstallParamsA',
'SetupDiDestroyDeviceInfoList',
'SetupDiCallClassInstaller',
'SetupDiDestroyDriverInfoList',
'SetupDiSetSelectedDevice',
'SetupDiGetClassDevsA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 111,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 176,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.getpat\x00': 274432,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 35840,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 177152},
'StackReserveSize': 1048576,
'filename': './data/malware/4381e84007f5ae7d8b8faa3df667cc2d726fec8446b03f04beaff55a78cecbb3'},
'43bd6c7e304a5ad09b52f279ea84eeb7df2e55f3d92428767f110b7ae27a3bed': {'AddressOfEntryPoint': 160967,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 81920,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'HeapCreate',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'USER32.dll': 'wsprintfA',
'ntdll.dll': 'RtlCaptureContext'},
'ImportedFunctions': ['SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiDestroyDeviceInfoList',
'strncpy',
'memmove',
'memchr',
'memcpy',
'memcmp',
'RtlLookupFunctionEntry',
'RtlPcToFileHeader',
'RtlUnwindEx',
'NtTerminateProcess',
'RtlUnhandledExceptionFilter',
'RtlVirtualUnwind',
'memset',
'RtlCaptureContext',
'GetACP',
'LocalFree',
'GetLastError',
'LocalAlloc',
'GetLocaleInfoA',
'GetOEMCP',
'GetVersionExA',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'HeapReAlloc',
'ReadFile',
'SetStdHandle',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'LCMapStringA',
'LCMapStringW',
'LoadLibraryA',
'LeaveCriticalSection',
'GetStringTypeW',
'GetStringTypeA',
'CloseHandle',
'SetFilePointer',
'FlushFileBuffers',
'SetUnhandledExceptionFilter',
'DeleteCriticalSection',
'EnterCriticalSection',
'Sleep',
'InitializeCriticalSection',
'MultiByteToWideChar',
'GetCommandLineA',
'GetStartupInfoA',
'RaiseException',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetCurrentThreadId',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'HeapSize',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'LoadIconA',
'wsprintfA',
'RegQueryValueExA',
'RegEnumValueA',
'RegEnumKeyExA',
'AllocateAndInitializeSid',
'InitializeSecurityDescriptor',
'SetSecurityDescriptorOwner',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'FreeSid',
'RegSetValueExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegEnumKeyA',
'RegCloseKey',
'RegDeleteKeyA',
'RegCreateKeyExA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 98,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1936,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 7680,
'.rdata\x00\x00': 27648,
'.rsrc\x00\x00\x00': 22528,
'.text\x00\x00\x00': 77824},
'StackReserveSize': 1048576,
'filename': './data/malware/43bd6c7e304a5ad09b52f279ea84eeb7df2e55f3d92428767f110b7ae27a3bed'},
'43e96f8797d4711ca8270d0e41d1920aa4bd5f465b29825e39de60f43ad6b39e': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/43e96f8797d4711ca8270d0e41d1920aa4bd5f465b29825e39de60f43ad6b39e'},
'43eeea045ab4362873f0b110ba737c29e71bea6c209c1ad047cb15ae16f00ce8': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/43eeea045ab4362873f0b110ba737c29e71bea6c209c1ad047cb15ae16f00ce8'},
'440f62b8089c9a3c187ab98b3ea0e5088215e151fe1af2969154439e8eb49454': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 326056,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 326144,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/440f62b8089c9a3c187ab98b3ea0e5088215e151fe1af2969154439e8eb49454'},
'4413aeef55e37168a42461af2b1b0f692b7517606aac072988757cacca2327a7': {'AddressOfEntryPoint': 109776,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 241248,
'ExportSize': 17917,
'IATRVA': 192512,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'GetConsoleMode',
'OLEAUT32.dll': 'VariantClear',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'USER32.dll': 'wsprintfA',
'ole32.dll': 'CoInitializeEx'},
'ImportedFunctions': ['SetupDiCallClassInstaller',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiOpenDevRegKey',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiDestroyDeviceInfoList',
'FreeLibrary',
'SetFileAttributesA',
'GetLastError',
'GetProcAddress',
'CloseHandle',
'ReadFile',
'CreateFileA',
'LoadLibraryA',
'lstrcatA',
'lstrcpyA',
'Sleep',
'GetModuleFileNameA',
'GetVersionExA',
'DeviceIoControl',
'SetLastError',
'lstrlenW',
'MultiByteToWideChar',
'GetSystemDefaultLangID',
'LoadResource',
'FindResourceExA',
'LockResource',
'WideCharToMultiByte',
'InitializeCriticalSection',
'DeleteCriticalSection',
'OutputDebugStringA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'GetLocalTime',
'LeaveCriticalSection',
'WinExec',
'LocalFree',
'FormatMessageA',
'GetEnvironmentVariableA',
'GetACP',
'GetLocaleInfoA',
'lstrlenA',
'GetModuleHandleA',
'GetCurrentProcess',
'SetEndOfFile',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'HeapReAlloc',
'GetStringTypeW',
'GetStringTypeA',
'GetSystemTimeAsFileTime',
'GetTickCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetSystemDirectoryA',
'CreateProcessA',
'WaitForSingleObject',
'SetCurrentDirectoryA',
'FindFirstFileA',
'DeleteFileA',
'FindNextFileA',
'FindClose',
'RemoveDirectoryA',
'GetCurrentDirectoryA',
'OpenFile',
'GetWindowsDirectoryA',
'HeapSetInformation',
'GetThreadLocale',
'HeapCreate',
'WriteFile',
'GetStdHandle',
'GetConsoleCP',
'EnterCriticalSection',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'SetFilePointer',
'SetStdHandle',
'GetFileType',
'SetHandleCount',
'FlushFileBuffers',
'ExitProcess',
'HeapSize',
'RtlVirtualUnwind',
'LCMapStringW',
'LCMapStringA',
'FlsAlloc',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'HeapAlloc',
'GetCommandLineA',
'GetProcessHeap',
'GetStartupInfoA',
'GetCPInfo',
'GetOEMCP',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'GetConsoleMode',
'LoadStringA',
'CreateDialogIndirectParamA',
'ShowWindow',
'PostMessageA',
'GetMessageA',
'IsDialogMessageA',
'TranslateMessage',
'DispatchMessageA',
'SetWindowTextA',
'SetDlgItemTextA',
'DestroyWindow',
'LoadCursorA',
'SetCursor',
'PostQuitMessage',
'MessageBoxA',
'GetDesktopWindow',
'GetWindowRect',
'SetWindowPos',
'wsprintfA',
'OpenProcessToken',
'OpenSCManagerA',
'InitializeAcl',
'AddAccessAllowedAce',
'InitializeSecurityDescriptor',
'SetSecurityDescriptorDacl',
'IsValidSecurityDescriptor',
'RegSetKeySecurity',
'GetTokenInformation',
'GetLengthSid',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegDeleteKeyA',
'CloseServiceHandle',
'RegQueryValueExA',
'RegEnumKeyExA',
'RegSetValueExA',
'RegOpenKeyExA',
'RegEnumValueA',
'RegCloseKey',
'CoUninitialize',
'CoCreateInstance',
'CoSetProxyBlanket',
'CoInitializeSecurity',
'CoInitializeEx',
'SysAllocString',
'SysStringByteLen',
'SysAllocStringByteLen',
'SysAllocStringLen',
'VarBstrCat',
'SysFreeString',
'SysStringLen',
'VariantClear'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 162,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 64156,
'SectionNames': {'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 13312,
'.rdata\x00\x00': 67072,
'.rsrc\x00\x00\x00': 64512,
'.text\x00\x00\x00': 185856},
'StackReserveSize': 1048576,
'filename': './data/malware/4413aeef55e37168a42461af2b1b0f692b7517606aac072988757cacca2327a7'},
'44d6683f47a13d203309ade994b70663c76dabb2226af5f1f1df8cbca6e8e09c': {'AddressOfEntryPoint': 4096,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 256,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 0,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.DLL': 'GetLastError',
'USER32.DLL': 'wsprintfA'},
'ImportedFunctions': ['ExitProcess',
'lstrcatA',
'CreateFileA',
'WriteFile',
'CloseHandle',
'GetLastError',
'MessageBoxA',
'wsprintfA'],
'LinkerVersion': 1,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 8,
'NumberOfSections': 3,
'OSVersion': 1,
'ResSize': 0,
'SectionNames': {'.code\x00\x00\x00': 512,
'.data\x00\x00\x00': 6144,
'.idata\x00\x00': 512},
'StackReserveSize': 4096,
'filename': './data/malware/44d6683f47a13d203309ade994b70663c76dabb2226af5f1f1df8cbca6e8e09c'},
'44f9192b213f5588c725d2c3e30ba5ef6bd43b66c617f4ede48e2f0ac0327460': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 554004,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 554496,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/44f9192b213f5588c725d2c3e30ba5ef6bd43b66c617f4ede48e2f0ac0327460'},
'454991dd0268cfb691d38e28199dd7bbf47cba78d8d39b40cfc481b81db0ff07': {'AddressOfEntryPoint': 5008,
'DebugRVA': 4160,
'DebugSize': 28,
'Dll': 49504,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 11,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 49,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 291388,
'SectionNames': {'.data\x00\x00\x00': 512,
'.idata\x00\x00': 2048,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 291840,
'.text\x00\x00\x00': 8192},
'StackReserveSize': 524288,
'filename': './data/malware/454991dd0268cfb691d38e28199dd7bbf47cba78d8d39b40cfc481b81db0ff07'},
'45e1fd52db8c8aacf9b19f971368ffba8ef3f29f83e5d0c2f3912a52d202b4e8': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3492,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/45e1fd52db8c8aacf9b19f971368ffba8ef3f29f83e5d0c2f3912a52d202b4e8'},
'4621b7ffe87b96683b8c55de1464089f6b8fd8564f9b3164fa4113039428cb7d': {'AddressOfEntryPoint': 41648,
'DebugRVA': 103184,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 102400,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExW',
'DIFXAPI.dll': 'DriverPackageInstallW',
'KERNEL32.dll': 'GetLocaleInfoW'},
'ImportedFunctions': ['RegCloseKey',
'RegSetValueExW',
'RegCreateKeyExW',
'DriverPackageGetPathW',
'DriverPackagePreinstallW',
'DriverPackageUninstallW',
'DriverPackageInstallW',
'WideCharToMultiByte',
'MultiByteToWideChar',
'Sleep',
'InitializeCriticalSection',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetLastError',
'HeapFree',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'GetCPInfo',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'RtlVirtualUnwind',
'GetACP',
'GetOEMCP',
'GetProcAddress',
'GetModuleHandleA',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'HeapSize',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetModuleFileNameW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'IsValidCodePage',
'HeapReAlloc',
'LoadLibraryA',
'GetLocaleInfoW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 76,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 8192,
'.rdata\x00\x00': 32256,
'.text\x00\x00\x00': 98304},
'StackReserveSize': 1048576,
'filename': './data/malware/4621b7ffe87b96683b8c55de1464089f6b8fd8564f9b3164fa4113039428cb7d'},
'46bc4c8119718c81909742d4faf14a9e38cda9925a2943ba36ce94362fa20a2a': {'AddressOfEntryPoint': 137036,
'DebugRVA': 182240,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 211504,
'ExportSize': 51,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'RtlLookupFunctionEntry',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHGetFileInfoW',
'SHLWAPI.dll': 'SHAutoComplete',
'USER32.dll': 'LoadIconW',
'ole32.dll': 'CreateStreamOnHGlobal'},
'ImportedFunctions': ['InitCommonControlsEx',
'SHAutoComplete',
'ReadFile',
'GetFileAttributesW',
'SetFileAttributesW',
'FindNextFileW',
'GetFullPathNameW',
'GetModuleFileNameW',
'FindResourceW',
'GetModuleHandleW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetCurrentProcessId',
'GetLocaleInfoW',
'GetNumberFormatW',
'ExpandEnvironmentStringsW',
'WaitForSingleObject',
'DosDateTimeToFileTime',
'GetDateFormatW',
'GetTimeFormatW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetExitCodeProcess',
'GetTempPathW',
'MoveFileExW',
'Sleep',
'UnmapViewOfFile',
'MapViewOfFile',
'GetCommandLineW',
'CreateFileMappingW',
'GetTickCount',
'SetEnvironmentVariableW',
'OpenFileMappingW',
'CreateThread',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetProcessAffinityMask',
'ReleaseSemaphore',
'ResetEvent',
'DeleteCriticalSection',
'SetEvent',
'SetThreadPriority',
'InitializeCriticalSection',
'CreateEventW',
'CreateSemaphoreW',
'SystemTimeToFileTime',
'GetSystemTime',
'LocalFileTimeToFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'FindFirstFileW',
'GetFileType',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'InitializeCriticalSectionAndSpinCount',
'LoadLibraryA',
'GetConsoleMode',
'GetConsoleCP',
'QueryPerformanceCounter',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'LCMapStringW',
'LCMapStringA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'GetModuleFileNameA',
'ExitProcess',
'HeapSize',
'RtlCaptureContext',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'HeapCreate',
'HeapSetInformation',
'FlsAlloc',
'GetCurrentThreadId',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'GetStartupInfoA',
'GetCommandLineA',
'HeapAlloc',
'RtlPcToFileHeader',
'RaiseException',
'SetEndOfFile',
'SetFilePointer',
'GetStdHandle',
'WriteFile',
'FlushFileBuffers',
'GetLongPathNameW',
'MoveFileW',
'GetShortPathNameW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetCurrentDirectoryW',
'DeleteFileW',
'FindClose',
'CreateFileW',
'DeviceIoControl',
'SetFileTime',
'GetCurrentProcess',
'CloseHandle',
'CreateHardLinkW',
'SetLastError',
'GetLastError',
'GetCurrentDirectoryW',
'CreateFileA',
'GlobalAlloc',
'GetSystemTimeAsFileTime',
'HeapReAlloc',
'HeapFree',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'EnableWindow',
'GetDlgItem',
'ShowWindow',
'MessageBoxW',
'FindWindowExW',
'GetParent',
'MapWindowPoints',
'CreateWindowExW',
'UpdateWindow',
'LoadCursorW',
'RegisterClassExW',
'DefWindowProcW',
'DestroyWindow',
'CopyRect',
'IsWindow',
'CharUpperW',
'OemToCharBuffA',
'LoadBitmapW',
'SetWindowLongPtrW',
'PostMessageW',
'GetSysColor',
'SetForegroundWindow',
'WaitForInputIdle',
'IsWindowVisible',
'DialogBoxParamW',
'DestroyIcon',
'SetFocus',
'GetClassNameW',
'SendDlgItemMessageW',
'GetDlgItemTextW',
'EndDialog',
'SetDlgItemTextW',
'wvsprintfW',
'SendMessageW',
'GetDC',
'ReleaseDC',
'PeekMessageW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'LoadStringW',
'GetWindowRect',
'GetClientRect',
'GetWindowLongPtrW',
'SetWindowPos',
'GetWindowTextW',
'SetWindowTextW',
'GetSystemMetrics',
'GetWindow',
'GetWindowLongW',
'SetWindowLongW',
'LoadIconW',
'GetDeviceCaps',
'CreateCompatibleDC',
'GetObjectW',
'CreateCompatibleBitmap',
'SelectObject',
'StretchBlt',
'DeleteDC',
'DeleteObject',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'SetFileSecurityW',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'SHBrowseForFolderW',
'ShellExecuteExW',
'SHGetSpecialFolderLocation',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHChangeNotify',
'SHGetFileInfoW',
'CLSIDFromString',
'CoCreateInstance',
'OleInitialize',
'OleUninitialize',
'CreateStreamOnHGlobal',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 213,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 26112,
'SectionNames': {'.data\x00\x00\x00': 6656,
'.pdata\x00\x00': 8704,
'.rdata\x00\x00': 31744,
'.rsrc\x00\x00\x00': 26112,
'.text\x00\x00\x00': 174080},
'StackReserveSize': 1048576,
'filename': './data/malware/46bc4c8119718c81909742d4faf14a9e38cda9925a2943ba36ce94362fa20a2a'},
'46f0980e21c9995bd5357a4ca872c3d3ee965d3942d99c982270b85f382b3905': {'AddressOfEntryPoint': 257980,
'DebugRVA': 6768,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegisterTraceGuidsW',
'COMCTL32.dll': 'DestroyPropertySheetPage',
'GDI32.dll': 'SelectObject',
'KERNEL32.dll': 'CreateProcessW',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'RpcStringFreeW',
'SHELL32.dll': 'SHGetPathFromIDListW',
'SHLWAPI.dll': 'StrStrW',
'USER32.dll': 'ShowWindow',
'VERSION.dll': 'GetFileVersionInfoW',
'msvcrt.dll': '_errno',
'ole32.dll': 'CoInitializeEx',
'urlmon.dll': 'IsValidURL'},
'ImportedFunctions': ['CreateDirectoryW',
'SwitchToThread',
'DeleteCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetSystemWindowsDirectoryW',
'SetFilePointerEx',
'SetEvent',
'GetSystemDirectoryW',
'GetExitCodeProcess',
'GetFileAttributesW',
'ReadFile',
'GetModuleFileNameW',
'GetStartupInfoW',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'RtlCaptureContext',
'OutputDebugStringA',
'RtlPcToFileHeader',
'SetUnhandledExceptionFilter',
'GetModuleHandleW',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'GetCurrentProcess',
'TerminateProcess',
'UnhandledExceptionFilter',
'LocalAlloc',
'LocalFree',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'SetErrorMode',
'GetDiskFreeSpaceExW',
'FileTimeToLocalFileTime',
'GetLastError',
'FormatMessageW',
'CreateThread',
'SuspendThread',
'ResumeThread',
'WaitForSingleObject',
'GetLocalTime',
'SystemTimeToFileTime',
'GetTimeFormatW',
'EnterCriticalSection',
'LeaveCriticalSection',
'CloseHandle',
'SetLastError',
'MulDiv',
'lstrcmpW',
'GetTempPathW',
'GetTempFileNameW',
'DeleteFileW',
'CreateFileW',
'WriteFile',
'GetFileSizeEx',
'IsWow64Process',
'CreateEventW',
'RemoveDirectoryW',
'VirtualProtect',
'HeapSetInformation',
'GetProcessHeap',
'HeapFree',
'HeapAlloc',
'WaitForMultipleObjects',
'LockResource',
'GetVersionExW',
'SizeofResource',
'LoadResource',
'FindResourceW',
'ExpandEnvironmentStringsW',
'FileTimeToSystemTime',
'GetSystemTime',
'EncodePointer',
'DecodePointer',
'QueueUserWorkItem',
'EnumResourceNamesW',
'GetLogicalDrives',
'GetDriveTypeW',
'WritePrivateProfileStringW',
'GetPrivateProfileIntW',
'GetPrivateProfileStringW',
'WritePrivateProfileSectionW',
'MoveFileW',
'SetFilePointer',
'FlushFileBuffers',
'IsDebuggerPresent',
'OutputDebugStringW',
'InitializeCriticalSection',
'TryEnterCriticalSection',
'SetEndOfFile',
'GlobalFree',
'GetFullPathNameW',
'LoadLibraryA',
'RaiseException',
'Sleep',
'GetCurrentThreadId',
'LoadLibraryExW',
'CreateProcessW',
'realloc',
'__pioinfo',
'__badioinfo',
'_read',
'wcstombs',
'iswctype',
'wctomb',
'__mb_cur_max',
'mbtowc',
'localeconv',
'calloc',
'_fileno',
'isleadbyte',
'isxdigit',
'isdigit',
'_onexit',
'__dllonexit',
'_unlock',
'_lock',
'?terminate@@YAXXZ',
'??1type_info@@UEAA@XZ',
'_CxxThrowException',
'??1bad_cast@@UEAA@XZ',
'??1__non_rtti_object@@UEAA@XZ',
'??0bad_typeid@@QEAA@AEBV0@@Z',
'??0bad_cast@@QEAA@AEBV0@@Z',
'??0__non_rtti_object@@QEAA@AEBV0@@Z',
'??0__non_rtti_object@@QEAA@PEBD@Z',
'??0bad_cast@@QEAA@PEBD@Z',
'memmove',
'memset',
'_commode',
'_fmode',
'_wcmdln',
'__C_specific_handler',
'_initterm',
'__setusermatherr',
'_cexit',
'_exit',
'exit',
'__set_app_type',
'__wgetmainargs',
'memcmp',
'_wcsicmp',
'towlower',
'_vsnprintf',
'??0exception@@QEAA@XZ',
'wcschr',
'iswspace',
'_vscwprintf',
'_vscprintf',
'??0exception@@QEAA@AEBQEBD@Z',
'_wfopen',
'wcsrchr',
'feof',
'fgetws',
'fclose',
'time',
'qsort',
'bsearch',
'_waccess',
'_wctime',
'ungetc',
'wcsncmp',
'_vsnwprintf',
'_wcsupr',
'memcpy',
'_purecall',
'_amsg_exit',
'_XcptFilter',
'??0exception@@QEAA@AEBV0@@Z',
'??0exception@@QEAA@AEBQEBDH@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'malloc',
'free',
'__CxxFrameHandler',
'_errno',
'InitCommonControlsEx',
'PropertySheetW',
'CreatePropertySheetPageW',
'DestroyPropertySheetPage',
'PathRemoveFileSpecW',
'StrStrIW',
'StrStrW',
'ShellExecuteW',
'Shell_NotifyIconW',
'ShellExecuteExW',
'SHGetFolderLocation',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'StringFromGUID2',
'CoCreateGuid',
'CoUninitialize',
'CoTaskMemFree',
'CoCreateInstance',
'CoInitializeEx',
'CryptAcquireContextW',
'CryptReleaseContext',
'CryptGenRandom',
'RegCreateKeyExW',
'RegQueryValueExW',
'RegDeleteValueW',
'RegOpenKeyExW',
'CryptGetHashParam',
'CryptHashData',
'CryptCreateHash',
'CryptDestroyHash',
'RegCloseKey',
'RegSetValueExW',
'CopySid',
'AllocateAndInitializeSid',
'FreeSid',
'GetLengthSid',
'CheckTokenMembership',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'TraceEvent',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsW',
'GetObjectW',
'SetBkMode',
'SetTextColor',
'SetBkColor',
'GetTextExtentExPointW',
'CreateFontIndirectW',
'GetTextColor',
'GetTextMetricsW',
'ExtTextOutW',
'GetBkColor',
'CreateSolidBrush',
'DeleteObject',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'DeleteDC',
'SelectObject',
'GetFocus',
'ReleaseDC',
'SetRect',
'GetClientRect',
'LoadStringW',
'GetWindowTextLengthW',
'CharNextW',
'UnregisterClassW',
'RegisterClassExW',
'LoadCursorW',
'DefWindowProcW',
'PostQuitMessage',
'DispatchMessageW',
'TranslateMessage',
'GetMessageW',
'CreateWindowExW',
'RegisterClassW',
'MapWindowPoints',
'PtInRect',
'EnableWindow',
'SendDlgItemMessageW',
'GetSysColor',
'SetFocus',
'GetWindowLongPtrW',
'GetParent',
'OffsetRect',
'ScreenToClient',
'GetWindowRect',
'DrawTextExW',
'SetRectEmpty',
'GetDC',
'GetWindowTextW',
'SetWindowLongPtrW',
'PostMessageW',
'LoadImageW',
'DestroyIcon',
'DialogBoxParamW',
'EndDialog',
'GetDlgItem',
'LoadIconW',
'SendMessageW',
'SetWindowTextW',
'SetDlgItemTextW',
'ExitWindowsEx',
'MessageBoxW',
'IsWindowEnabled',
'InvalidateRect',
'UpdateWindow',
'SetCursor',
'SetCapture',
'ReleaseCapture',
'GetWindowLongW',
'FrameRect',
'DrawFocusRect',
'MoveWindow',
'GetKeyState',
'BeginPaint',
'EndPaint',
'ShowWindow',
'VariantClear',
'SysFreeString',
'SysAllocString',
'VariantInit',
'UuidFromStringW',
'UuidToStringW',
'UuidCreate',
'RpcStringFreeW',
'VerQueryValueW',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'IsValidURL'],
'LinkerVersion': 10,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 311,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 74962884,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 11264,
'.reloc\x00\x00': 4096,
'.rsrc\x00\x00\x00': 74962944,
'.text\x00\x00\x00': 330752},
'StackReserveSize': 524288,
'filename': './data/malware/46f0980e21c9995bd5357a4ca872c3d3ee965d3942d99c982270b85f382b3905'},
'473bc48119ba2883b34c83d240085957470e473ec6047cea082be3186dd954f6': {'AddressOfEntryPoint': 1074396116,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 155648,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'HeapReAlloc',
'OLEAUT32.dll': 'SysAllocStringLen',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'SHELL32.dll': 'SHGetFolderPathA',
'SHLWAPI.dll': 'PathIsRelativeA',
'USER32.dll': 'IsDlgButtonChecked',
'VERSION.dll': 'VerQueryValueA',
'ole32.dll': 'CoSetProxyBlanket'},
'ImportedFunctions': ['GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiSetClassInstallParamsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiClassGuidsFromNameA',
'SetupDiGetINFClassA',
'SetupDiEnumDriverInfoA',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsA',
'SetupDiRegisterDeviceInfo',
'SetupDiSetDeviceRegistryPropertyA',
'SetupDiCreateDeviceInfoA',
'SetupDiCreateDeviceInfoList',
'SetupDiDestroyDriverInfoList',
'SetupDiSetSelectedDevice',
'SetupDiGetDriverInfoDetailA',
'SetupDiRemoveDevice',
'SetupDiDestroyDeviceInfoList',
'PathAppendA',
'PathUnquoteSpacesA',
'PathIsDirectoryA',
'PathIsRelativeA',
'CloseHandle',
'GetExitCodeProcess',
'WaitForSingleObject',
'CreateProcessA',
'FindClose',
'FindNextFileA',
'SetLastError',
'FindFirstFileA',
'GetSystemDirectoryA',
'GetProcAddress',
'GetModuleHandleA',
'Sleep',
'GetModuleFileNameA',
'SetCurrentDirectoryA',
'GetFullPathNameA',
'DeleteFileA',
'SetFileAttributesA',
'GetFileAttributesA',
'GetVersionExA',
'GetComputerNameA',
'GetUserDefaultLangID',
'GetCurrentDirectoryA',
'GetWindowsDirectoryA',
'GetCurrentProcess',
'ReleaseMutex',
'CreateDirectoryA',
'MapViewOfFile',
'CreateFileMappingA',
'CreateMutexA',
'UnmapViewOfFile',
'GetTimeFormatA',
'GetLocalTime',
'OutputDebugStringA',
'lstrcpynA',
'MoveFileExA',
'LocalAlloc',
'GetCurrentThread',
'FreeLibrary',
'LoadLibraryA',
'SetEnvironmentVariableA',
'Module32First',
'CreateToolhelp32Snapshot',
'FormatMessageA',
'Process32First',
'TerminateProcess',
'OpenProcess',
'WinExec',
'DeviceIoControl',
'CreateFileA',
'GetPrivateProfileStringA',
'CopyFileA',
'GetCurrentProcessId',
'GetCurrentThreadId',
'RemoveDirectoryA',
'RtlVirtualUnwind',
'DeleteCriticalSection',
'GetFileType',
'GetStdHandle',
'SetHandleCount',
'LeaveCriticalSection',
'EnterCriticalSection',
'RtlPcToFileHeader',
'RaiseException',
'LCMapStringW',
'WideCharToMultiByte',
'LCMapStringA',
'RtlCaptureContext',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'FlsAlloc',
'FlsFree',
'TlsFree',
'FlsSetValue',
'FlsGetValue',
'IsValidCodePage',
'GetOEMCP',
'SetStdHandle',
'GetACP',
'GetCPInfo',
'GetStartupInfoA',
'GetProcessHeap',
'HeapAlloc',
'GetCommandLineA',
'RtlUnwindEx',
'LocalFree',
'SetFilePointer',
'WriteFile',
'InitializeCriticalSection',
'MultiByteToWideChar',
'GetLastError',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'GetSystemTimeAsFileTime',
'HeapSetInformation',
'HeapCreate',
'HeapSize',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'ReadFile',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'Process32Next',
'RtlLookupFunctionEntry',
'HeapFree',
'ExitProcess',
'CompareStringW',
'CompareStringA',
'SetEndOfFile',
'HeapReAlloc',
'UpdateWindow',
'GetProcessWindowStation',
'GetDesktopWindow',
'MessageBoxA',
'LoadStringA',
'EndDeferWindowPos',
'DeferWindowPos',
'BeginDeferWindowPos',
'GetUserObjectInformationA',
'GetWindowRect',
'LoadImageA',
'GetClientRect',
'SetWindowPos',
'OffsetRect',
'CopyRect',
'GetParent',
'CheckDlgButton',
'SetDlgItemTextA',
'GetDlgItem',
'EnableWindow',
'EndDialog',
'LoadBitmapA',
'GetWindowThreadProcessId',
'EnumWindows',
'DialogBoxParamA',
'GetWindowInfo',
'ExitWindowsEx',
'SendMessageA',
'GetSystemMetrics',
'CreateWindowExA',
'ShowWindow',
'IsDlgButtonChecked',
'OpenSCManagerA',
'OpenServiceA',
'ControlService',
'QueryServiceStatus',
'DeleteService',
'CloseServiceHandle',
'ImpersonateSelf',
'OpenThreadToken',
'AllocateAndInitializeSid',
'InitializeSecurityDescriptor',
'GetLengthSid',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'SetSecurityDescriptorGroup',
'SetSecurityDescriptorOwner',
'IsValidSecurityDescriptor',
'AccessCheck',
'RevertToSelf',
'FreeSid',
'RegDeleteValueA',
'RegEnumValueA',
'RegEnumKeyExA',
'RegQueryInfoKeyA',
'RegDeleteKeyA',
'LookupPrivilegeValueA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'RegSetValueExA',
'GetUserNameA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'SHGetSpecialFolderPathA',
'SHGetFolderPathA',
'CoUninitialize',
'CoCreateInstance',
'CoInitialize',
'CoSetProxyBlanket',
'SysFreeString',
'SysStringLen',
'SysAllocStringLen'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 222,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 412764,
'SectionNames': {'#\r\n\x00c\x00\x00\x00': 413184,
'.data\x00\x00\x00': 7168,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 62464,
'.text\x00\x00\x00': 150016},
'StackReserveSize': 1048576,
'filename': './data/malware/473bc48119ba2883b34c83d240085957470e473ec6047cea082be3186dd954f6'},
'4744f60445f39850f834c20b68585d747d509e812d307974d9a75f8a1b644ef5': {'AddressOfEntryPoint': 15308,
'DebugRVA': 5232,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExW',
'KERNEL32.dll': 'SetUnhandledExceptionFilter',
'MSOERT2.dll': 'CopyRegistry',
'SHELL32.dll': 'SHGetSpecialFolderLocation',
'SHLWAPI.dll': 'SHSetValueW',
'USER32.dll': 'LoadStringW',
'msvcrt.dll': '__wgetmainargs',
'ntdll.dll': 'RtlVirtualUnwind',
'ole32.dll': 'CoFreeUnusedLibrariesEx'},
'ImportedFunctions': ['TraceEvent',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsA',
'UnregisterTraceGuids',
'RegCreateKeyExW',
'RegOpenKeyExW',
'RegSetValueW',
'RegCloseKey',
'RegSetValueExW',
'RegQueryValueExW',
'GetProcAddress',
'lstrlenW',
'LoadLibraryA',
'FreeLibrary',
'ExpandEnvironmentStringsW',
'CreateProcessW',
'WaitForSingleObject',
'GetExitCodeProcess',
'CloseHandle',
'CreateMutexW',
'ReleaseMutex',
'GetFileAttributesA',
'GetFileAttributesW',
'GetModuleHandleW',
'GetCurrentProcess',
'HeapSetInformation',
'SetConsoleCtrlHandler',
'GetVersionExA',
'SetFileAttributesW',
'DeleteFileW',
'GetShortPathNameW',
'GetCurrentDirectoryW',
'SetCurrentDirectoryW',
'FindFirstFileW',
'FindNextFileW',
'FindClose',
'FindFirstFileExW',
'CreateDirectoryW',
'GetStartupInfoW',
'Sleep',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'GetLastError',
'GetModuleHandleA',
'SetUnhandledExceptionFilter',
'UnhookWindowsHookEx',
'SetForegroundWindow',
'SendMessageTimeoutA',
'GetParent',
'GetLastActivePopup',
'GetPropW',
'SetWindowsHookExA',
'CallNextHookEx',
'AllowSetForegroundWindow',
'GetWindowThreadProcessId',
'FindWindowW',
'SendMessageW',
'GetGUIThreadInfo',
'IsDialogMessageW',
'SetPropW',
'IsChild',
'MessageBoxW',
'LoadStringW',
'memset',
'_vsnwprintf',
'?terminate@@YAXXZ',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'_wcmdln',
'exit',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__wgetmainargs',
'CopyRegistry',
'OleInitialize',
'CoFreeUnusedLibraries',
'CoCreateInstance',
'CoTaskMemFree',
'CoUninitialize',
'CoInitializeEx',
'CoFreeAllLibraries',
'OleUninitialize',
'CoFreeUnusedLibrariesEx',
'SHCreateItemFromParsingName',
'SHGetSpecialFolderPathW',
'SHChangeNotify',
'SHGetSpecialFolderLocation',
'StrCmpW',
'PathAddExtensionW',
'PathRemoveBlanksW',
'PathCombineW',
'SHRegGetBoolUSValueA',
'SHDeleteKeyW',
'PathRemoveFileSpecW',
'PathAppendW',
'StrStrIW',
'SHRegGetValueA',
'PathFindFileNameW',
'StrCmpNIW',
'SHGetValueW',
'StrCmpIW',
'SHRegGetValueW',
'SHSetValueW',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind'],
'LinkerVersion': 9,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 119,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 367568,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 367616,
'.text\x00\x00\x00': 27648,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 524288,
'filename': './data/malware/4744f60445f39850f834c20b68585d747d509e812d307974d9a75f8a1b644ef5'},
'47851153e1efd092eafbfaae15b18f20bb8cd699cf1062ed7c11e43c4181a78c': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 847980,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 848384,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/47851153e1efd092eafbfaae15b18f20bb8cd699cf1062ed7c11e43c4181a78c'},
'47a7a5de661e37d6754f0ca1d24e6feb49f5e8b4080b0a40b794d8904a011ad6': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 379064,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 379392,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/47a7a5de661e37d6754f0ca1d24e6feb49f5e8b4080b0a40b794d8904a011ad6'},
'47bca70cbc72253dd7d97d83edb7d1456f0e2c2ba4b667f98fe1456c5edf5c07': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 227236,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 227328,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/47bca70cbc72253dd7d97d83edb7d1456f0e2c2ba4b667f98fe1456c5edf5c07'},
'47e60a03fff1c174edbebb6a60e48ee5a8b048f2c6c34e8ecac0ceed8ebdf8a4': {'AddressOfEntryPoint': 41060,
'DebugRVA': 28864,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'PCIIDEX.SYS': 'AtaPortWriteRegisterUlong'},
'ImportedFunctions': ['AtaPortGetPhysicalAddress',
'AtaPortReadRegisterUlong',
'AtaPortInitializeEx',
'AtaPortDeviceStateChange',
'AtaPortRegistryFreeBuffer',
'AtaPortGetBusData',
'AtaPortRegistryRead',
'AtaPortDebugPrint',
'AtaPortRegistryAllocateBuffer',
'AtaPortRequestCallback',
'AtaPortGetUnCachedExtension',
'AtaPortReadRegisterUchar',
'AtaPortNotification',
'AtaPortBuildRequestSenseIrb',
'AtaPortReleaseRequestSenseIrb',
'AtaPortCompleteRequest',
'AtaPortMoveMemory',
'AtaPortGetDeviceBase',
'AtaPortGetScatterGatherList',
'AtaPortStallExecution',
'AtaPortWriteRegisterUlong',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 22,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 976,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 24064,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/47e60a03fff1c174edbebb6a60e48ee5a8b048f2c6c34e8ecac0ceed8ebdf8a4'},
'47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84': {'AddressOfEntryPoint': 20488,
'DebugRVA': 8304,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'HalGetBusDataByOffset',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['MmUnmapIoSpace',
'MmMapIoSpace',
'IofCompleteRequest',
'IoDeleteDevice',
'IoCreateDevice',
'KeBugCheckEx',
'RtlInitUnicodeString',
'IoCreateSymbolicLink',
'IoDeleteSymbolicLink',
'__C_specific_handler',
'HalSetBusDataByOffset',
'HalGetBusDataByOffset'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 12,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 944,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 2048,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84'},
'47fd3cbebe85ff92a7c7939c289361822c45c1c1c0887cbcbf7478b45244b1bc': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 744108,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 744448,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/47fd3cbebe85ff92a7c7939c289361822c45c1c1c0887cbcbf7478b45244b1bc'},
'480dd6a26428416c54673d10d25e3bbbfce07430713f4fa73168063b55babb93': {'AddressOfEntryPoint': 44972,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventWrite',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'SetBkColor',
'KERNEL32.dll': 'InitializeCriticalSection',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'DestroyWindow',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoExW',
'WINMM.dll': 'timeGetTime',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'msvcrt.dll': '_wcsrev',
'ntdll.dll': 'NtQueryLicenseValue',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['SHGetSpecialFolderPathW',
'SHGetFolderPathW',
'ShellAboutW',
'ShellExecuteExW',
'GdipCloneImage',
'GdipCreateBitmapFromScan0',
'GdipCreateHBITMAPFromBitmap',
'GdipCreateFromHDC',
'GdipDrawImageRectI',
'GdipCreateBitmapFromHBITMAP',
'GdipCloneBitmapAreaI',
'GdipSetPageUnit',
'GdipFillRectangleI',
'GdipDeletePen',
'GdipCreatePen1',
'GdipDisposeImage',
'GdipCreateSolidFill',
'GdipDeleteBrush',
'GdipAlloc',
'GdipFree',
'GdiplusShutdown',
'GdiplusStartup',
'GdipDrawArcI',
'GdipSetSmoothingMode',
'GdipSetInterpolationMode',
'GdipDeleteGraphics',
'GdipDrawLineI',
'GdipGetImageGraphicsContext',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegEnumValueW',
'RegGetValueW',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSetValueExW',
'QueryServiceConfigW',
'OpenServiceW',
'OpenSCManagerW',
'CloseServiceHandle',
'EventUnregister',
'EventRegister',
'RegCloseKey',
'RegCreateKeyExW',
'EventWrite',
'SysFreeString',
'SysAllocStringByteLen',
'VariantClear',
'SysStringLen',
'SysAllocString',
'VariantInit',
'IsThemeActive',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Add',
'CreatePropertySheetPageW',
'PropertySheetW',
'WinSqmAddToStreamEx',
'RtlInitUnicodeString',
'WinSqmAddToStream',
'WinSqmIncrementDWORD',
'NtQueryLicenseValue',
'lstrlenA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'WideCharToMultiByte',
'GetVersionExA',
'DeleteCriticalSection',
'GetCurrentProcessId',
'LeaveCriticalSection',
'GetModuleHandleW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'GetSystemTime',
'WaitForSingleObject',
'CreateEventW',
'CreateThread',
'ResetEvent',
'SetEvent',
'CloseHandle',
'GlobalSize',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrcmpW',
'MulDiv',
'GlobalFindAtomW',
'GetLastError',
'MultiByteToWideChar',
'GetLocalTime',
'GetDateFormatW',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'lstrcmpiW',
'LoadLibraryW',
'GetProcAddress',
'GetLocaleInfoEx',
'FreeLibrary',
'LoadLibraryExA',
'DelayLoadFailureHook',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GetProcessHeap',
'Wow64DisableWow64FsRedirection',
'GetVersionExW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'LocalFree',
'LocalAlloc',
'LocalReAlloc',
'GetProfileStringW',
'lstrlenW',
'CompareStringW',
'RegisterApplicationRecoveryCallback',
'ApplicationRecoveryInProgress',
'Sleep',
'ApplicationRecoveryFinished',
'RegisterApplicationRestart',
'GetTempFileNameW',
'SystemTimeToFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'CreateFileW',
'DeleteFileW',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'RaiseException',
'EnterCriticalSection',
'InitializeCriticalSection',
'SetWindowLongW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'EnableWindow',
'GetWindowTextLengthW',
'GetWindowTextW',
'PostMessageW',
'IsWindowEnabled',
'CharNextA',
'IsClipboardFormatAvailable',
'GetMenuState',
'GetFocus',
'OpenClipboard',
'GetClipboardData',
'InvalidateRect',
'CloseClipboard',
'EmptyClipboard',
'SetClipboardData',
'PostQuitMessage',
'DefWindowProcW',
'LoadAcceleratorsW',
'InsertMenuItemW',
'RegisterClassExW',
'SetWindowPlacement',
'SetForegroundWindow',
'GetMessageW',
'TranslateAcceleratorW',
'GetMessageExtraInfo',
'TranslateMessage',
'DispatchMessageW',
'GetKeyState',
'IsDialogMessageW',
'GetClassNameW',
'GetDC',
'ReleaseDC',
'GetSystemMetrics',
'GetWindowLongW',
'DrawTextW',
'EnumChildWindows',
'SetPropW',
'SystemParametersInfoW',
'GetWindowPlacement',
'UpdateWindow',
'SendDlgItemMessageW',
'IsDlgButtonChecked',
'MoveWindow',
'SetDlgItemInt',
'GetDlgItemInt',
'SetClassLongW',
'GetNextDlgTabItem',
'MonitorFromWindow',
'GetMonitorInfoW',
'OffsetRect',
'EqualRect',
'MonitorFromRect',
'GetClassWord',
'EnumDesktopWindows',
'EnumDisplayMonitors',
'IntersectRect',
'CopyRect',
'CreateDialogParamW',
'GetProcessDefaultLayout',
'CreatePopupMenu',
'TrackPopupMenu',
'GetAncestor',
'FindWindowW',
'DialogBoxParamW',
'CheckMenuItem',
'GetSysColor',
'SetClassLongPtrW',
'GetClassLongPtrW',
'EndDialog',
'SetWindowPos',
'GetDlgItem',
'GetWindowRect',
'SendMessageW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'DrawMenuBar',
'SetMenuItemInfoW',
'AppendMenuW',
'LoadStringW',
'GetSubMenu',
'RemoveMenu',
'CheckMenuRadioItem',
'SetFocus',
'MapWindowPoints',
'EnableMenuItem',
'GetParent',
'GetMenu',
'GetClientRect',
'LoadImageW',
'UnregisterClassA',
'FillRect',
'SetWindowTextW',
'ShowWindow',
'CreateWindowExW',
'CheckRadioButton',
'DestroyWindow',
'UuidToStringW',
'RpcStringFreeW',
'UuidCreate',
'timeGetTime',
'VerQueryValueW',
'GetFileVersionInfoSizeExW',
'GetFileVersionInfoExW',
'CreatePatternBrush',
'DeleteObject',
'SetBkMode',
'SelectObject',
'GetTextExtentPointW',
'DeleteDC',
'GetRgnBox',
'CreateSolidBrush',
'GetTextMetricsW',
'GetTextExtentPoint32W',
'GetObjectW',
'ExtCreatePen',
'MoveToEx',
'LineTo',
'CreateCompatibleBitmap',
'CreateRectRgn',
'CreateRectRgnIndirect',
'SetRectRgn',
'CombineRgn',
'EqualRgn',
'CreateDIBSection',
'CreateFontIndirectW',
'CreateCompatibleDC',
'GetDeviceCaps',
'SetTextColor',
'GetStockObject',
'SetBkColor',
'_wcsdup',
'_i64tow_s',
'_wtoi64',
'sprintf_s',
'_strtoi64',
'_strtoui64',
'memchr',
'strcspn',
'wcsrchr',
'wcstoul',
'isalpha',
'time',
'difftime',
'memmove',
'memset',
'__C_specific_handler',
'??0exception@@QEAA@AEBQEBDH@Z',
'_CxxThrowException',
'_callnewh',
'__CxxFrameHandler3',
'setlocale',
'__pctype_func',
'___lc_codepage_func',
'___lc_handle_func',
'localeconv',
'_errno',
'___mb_cur_max_func',
'__mb_cur_max',
'__crtGetStringTypeW',
'__crtLCMapStringW',
'__uncaught_exception',
'tolower',
'isspace',
'abort',
'isalnum',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'_acmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'??1type_info@@UEAA@XZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'iswalpha',
'iswdigit',
'_wcslwr_s',
'_wcsnicmp',
'wcsncmp',
'_itow_s',
'calloc',
'wcschr',
'_wcsicmp',
'_itoa',
'_wtoi',
'_vsnwprintf',
'wcscat_s',
'wcscpy_s',
'wcstol',
'mbstowcs_s',
'exit',
'isdigit',
'isxdigit',
'toupper',
'_purecall',
'malloc',
'??0exception@@QEAA@XZ',
'memmove_s',
'??0exception@@QEAA@AEBQEBD@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'memcpy_s',
'??0exception@@QEAA@AEBV0@@Z',
'free',
'memcpy',
'_wcsrev'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 370,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {'.data\x00\x00\x00': 19968,
'.pdata\x00\x00': 26112,
'.rdata\x00\x00': 69632,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 403456,
'.text\x00\x00\x00': 396800},
'StackReserveSize': 524288,
'filename': './data/malware/480dd6a26428416c54673d10d25e3bbbfce07430713f4fa73168063b55babb93'},
'48889e272a054bcb255dd74fcec273a61da8d6789c842cf20c06fbec37ace1ee': {'AddressOfEntryPoint': 122064,
'DebugRVA': 215376,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 327680,
'ExportSize': 4377,
'IATRVA': 217088,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'NETIO.SYS': 'GetBestRoute2',
'TDI.SYS': 'TdiDeregisterPnPHandlers',
'ksecdd.sys': 'DeleteSecurityContext',
'msrpc.sys': 'RpcBindingFree',
'ntoskrnl.exe': '__C_specific_handler',
'rdbss.sys': 'RxStartMinirdr'},
'ImportedFunctions': ['ExInterlockedInsertTailList',
'KeInitializeSpinLock',
'KeGetCurrentNodeNumber',
'ExpInterlockedPopEntrySList',
'ExpInterlockedPushEntrySList',
'ExQueryDepthSList',
'IoAllocateMdl',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'ExInitializeNPagedLookasideList',
'KeQueryHighestNodeNumber',
'ExDeleteNPagedLookasideList',
'RtlTimeFieldsToTime',
'toupper',
'KeAcquireSpinLockAtDpcLevel',
'KeReleaseSpinLockFromDpcLevel',
'ExAcquireResourceExclusiveLite',
'KeInitializeEvent',
'KeQueryTimeIncrement',
'KeWaitForSingleObject',
'KeFlushQueuedDpcs',
'RtlUnicodeStringToOemString',
'RtlUpcaseUnicodeStringToOemString',
'ExAcquireSpinLockShared',
'ExReleaseSpinLockShared',
'FsRtlCancellableWaitForMultipleObjects',
'FsRtlCancellableWaitForSingleObject',
'KeBugCheckEx',
'KeTryToAcquireSpinLockAtDpcLevel',
'KeAcquireInStackQueuedSpinLock',
'KeReleaseInStackQueuedSpinLock',
'ExAcquireRundownProtection',
'ExReleaseRundownProtection',
'RtlCopyUnicodeString',
'ExInitializeResourceLite',
'ExDeleteResourceLite',
'IoWMIOpenBlock',
'IoWMISetNotificationCallback',
'ObfDereferenceObject',
'RtlAppendUnicodeToString',
'RtlAppendUnicodeStringToString',
'ZwOpenFile',
'KeReleaseSpinLock',
'RtlCompareUnicodeString',
'IoCreateFile',
'RtlInitializeSid',
'RtlIntegerToUnicodeString',
'IoRaiseInformationalHardError',
'MmUnmapLockedPages',
'IoBuildPartialMdl',
'NlsMbOemCodePageTag',
'RtlxUnicodeStringToOemSize',
'ExWaitForRundownProtectionRelease',
'IoFreeIrp',
'IoGetCurrentProcess',
'RtlInitAnsiString',
'KeResetEvent',
'KeQueryActiveProcessorCountEx',
'LsaFreeReturnBuffer',
'SeMarkLogonSessionForTerminationNotification',
'MmProbeAndLockPages',
'MmUnlockPages',
'MmMapLockedPagesSpecifyCache',
'ExInitializeRundownProtection',
'KfRaiseIrql',
'KeAcquireInStackQueuedSpinLockAtDpcLevel',
'KeReleaseInStackQueuedSpinLockFromDpcLevel',
'KeLowerIrql',
'KeExpandKernelStackAndCallout',
'ProbeForWrite',
'KeStackAttachProcess',
'IoGetRequestorProcess',
'KeUnstackDetachProcess',
'KeDelayExecutionThread',
'RtlCompareMemory',
'EtwWrite',
'KeLeaveCriticalRegion',
'KeEnterCriticalRegion',
'IofCompleteRequest',
'KeSetEvent',
'_wcsnicmp',
'ZwSetValueKey',
'ZwQueryValueKey',
'KeAcquireSpinLockRaiseToDpc',
'SeRegisterLogonSessionTerminatedRoutine',
'SeUnregisterLogonSessionTerminatedRoutine',
'RtlEqualUnicodeString',
'RtlHashUnicodeString',
'ExfReleasePushLockShared',
'ExfAcquirePushLockShared',
'KeReleaseGuardedMutex',
'IoIs32bitProcess',
'KeAcquireGuardedMutex',
'ExReleaseResourceLite',
'ExAcquireResourceSharedLite',
'ExfTryToWakePushLock',
'ExfAcquirePushLockExclusive',
'RtlLengthRequiredSid',
'IoWMIRegistrationControl',
'RtlGUIDFromString',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlVerifyVersionInfo',
'VerSetConditionMask',
'RtlFreeUnicodeString',
'EtwUnregister',
'ZwClose',
'ExUuidCreate',
'IofCallDriver',
'ObReferenceObjectByHandle',
'ZwCreateFile',
'IoGetRelatedDeviceObject',
'KeReadStateEvent',
'RtlIpv6AddressToStringA',
'IoAllocateIrp',
'RtlIpv4AddressToStringA',
'EtwProviderEnabled',
'IoGetActivityIdThread',
'RtlPrefixUnicodeString',
'KeInitializeGuardedMutex',
'EtwRegister',
'RtlGetDaclSecurityDescriptor',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlAddAccessAllowedAce',
'RtlCreateAcl',
'RtlNtStatusToDosError',
'RtlSubAuthoritySid',
'MmGetSystemRoutineAddress',
'NtDeviceIoControlFile',
'RtlInitUnicodeString',
'ExAllocatePoolWithTag',
'ExFreePoolWithTag',
'ExReleaseSpinLockExclusive',
'ExAcquireSpinLockExclusive',
'SeReleaseSubjectContext',
'SeExports',
'SeSinglePrivilegeCheck',
'SeAccessCheck',
'SeCaptureSubjectContext',
'PcwUnregister',
'PcwRegister',
'PcwAddInstance',
'ZwDeviceIoControlFile',
'IoCancelIrp',
'__C_specific_handler',
'KeQueryPerformanceCounter',
'RxDereferenceAndDeleteRxContext_Real',
'RxCreateRxContext',
'RxLowIoGetBufferAddress',
'RxMapUserBuffer',
'RxNameCacheExpireEntriesWithPrefix',
'RxUpdateNetRootCachingMode',
'RxNameCacheScavengeEntries',
'RxTearDownDiagnosticLogger',
'RxDereferenceCredential',
'RxInitializeDiagnosticLogger',
'RxCeFreeIrp',
'RxRegisterAsynchronousRequest',
'RxDeregisterAsynchronousRequest',
'RxCeAllocateIrpWithMDL',
'RxGetRDBSSProcess',
'RxLogEventWithAnnotation',
'RxReferenceCredential',
'RxFindEa',
'RxPerProcessCountersEnabled',
'RxCancelContext',
'RxClearMinirdrCancelRoutine',
'RxSetMinirdrCancelRoutine',
'RxDiagnosticTrace',
'RxpTrackDereference',
'RxFinalizeConnection',
'RxReference',
'RxpTrackReference',
'RxPrefixTableEnumerate',
'RxPrefixTableInitEnumContext',
'RxIsPrefixTableEmpty',
'RxPostToWorkerThread',
'RxPostPreAllocatedOneShotTimerRequest',
'RxCancelPreAllocatedTimerRequest',
'RxLogEventDirect',
'RxFsdDispatch',
'RxUnregisterMinirdr',
'RxRegisterMinirdr',
'RxDispatchToWorkerThread',
'RxDereference',
'RxPrefixTableLookupName',
'RxSetDomainForMailslotBroadcast',
'RxDeleteLinkedVNetRoot',
'RxCreateLinkedVNetRoot',
'RxSignalNetStatus',
'RxStopMinirdr',
'RxStartMinirdr',
'BCryptEncrypt',
'BCryptOpenAlgorithmProvider',
'BCryptKeyDerivation',
'BCryptGenerateSymmetricKey',
'InitSecurityInterfaceW',
'BCryptDecrypt',
'BCryptSetProperty',
'BCryptDestroyKey',
'BCryptGetProperty',
'GetSecurityUserInfo',
'SspiEncodeStringsAsAuthIdentity',
'MapSecurityError',
'SspiCompareAuthIdentities',
'BCryptDestroyHash',
'FreeCredentialsHandle',
'BCryptCloseAlgorithmProvider',
'DeleteSecurityContext',
'TdiRegisterPnPHandlers',
'TdiCopyBufferToMdl',
'TdiCopyMdlToBuffer',
'TdiDeregisterPnPHandlers',
'FreeMibTable',
'GetUnicastIpAddressTable',
'NsiSetAllParameters',
'NsiFreeTable',
'NsiAllocateAndGetTable',
'NsiGetAllParameters',
'GetIfEntry2',
'CreateSortedAddressPairs',
'NsiDeregisterChangeNotification',
'NsiRegisterChangeNotification',
'ConvertInterfaceLuidToIndex',
'ConvertInterfaceGuidToLuid',
'NmrRegisterClient',
'NmrDeregisterClient',
'NmrWaitForClientDeregisterComplete',
'NmrClientAttachProvider',
'GetIpInterfaceEntry',
'GetBestRoute2',
'RpcBindingCreateW',
'I_RpcExceptionFilter',
'RpcBindingBind',
'RpcBindingUnbind',
'RpcAsyncCancelCall',
'RpcAsyncCompleteCall',
'RpcAsyncInitializeHandle',
'Ndr64AsyncClientCall',
'RpcBindingFree'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 241,
'NumberOfSections': 11,
'OSVersion': 6,
'ResSize': 42992,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.edata\x00\x00': 4608,
'.pdata\x00\x00': 15360,
'.rdata\x00\x00': 32256,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 43008,
'.text\x00\x00\x00': 211456,
'ALMOSTRO': 512,
'INIT\x00\x00\x00\x00': 8704,
'PAGE\x00\x00\x00\x00': 47104,
'PAGEDATA': 0},
'StackReserveSize': 262144,
'filename': './data/malware/48889e272a054bcb255dd74fcec273a61da8d6789c842cf20c06fbec37ace1ee'},
'48b2050373ad48fa2848943c04e8b60c2fc5ad9c3f4c7bfd46b8c0ca09269312': {'AddressOfEntryPoint': 262700,
'DebugRVA': 275248,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 274432,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionUnbindClass',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'ZwEnumerateValueKey',
'IoGetDeviceProperty',
'ZwEnumerateKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoRegisterPlugPlayNotification',
'IoDetachDevice',
'wcsstr',
'IoUnregisterPlugPlayNotification',
'towlower',
'PoSetPowerState',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'RtlCheckRegistryKey',
'RtlCreateRegistryKey',
'strstr',
'KeBugCheckEx',
'IoCancelIrp',
'IoReleaseRemoveLockEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'RtlQueryRegistryValues',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionBind',
'WdfVersionBindClass',
'WdfVersionUnbind',
'WdfVersionUnbindClass'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 98,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 8192,
'.rdata\x00\x00': 19968,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 270336,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/48b2050373ad48fa2848943c04e8b60c2fc5ad9c3f4c7bfd46b8c0ca09269312'},
'48cfe53b964beb5ba3f94fa557b3646fb002ff9c22a6b8456d31f143ec6bf376': {'AddressOfEntryPoint': 250944,
'DebugRVA': 262944,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 262144,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '_purecall'},
'ImportedFunctions': ['ObfDereferenceObject',
'IoGetDeviceObjectPointer',
'RtlInitUnicodeString',
'IoStartNextPacket',
'PoUnregisterSystemState',
'PoRegisterSystemState',
'IoReleaseRemoveLockEx',
'IofCompleteRequest',
'PoStartNextPowerIrp',
'IoAcquireRemoveLockEx',
'IofCallDriver',
'IoReleaseRemoveLockAndWaitEx',
'PoSetPowerState',
'PoCallDriver',
'IoCancelIrp',
'IoReleaseCancelSpinLock',
'IoFreeIrp',
'IoRegisterShutdownNotification',
'RtlQueryRegistryValues',
'RtlCreateRegistryKey',
'RtlCheckRegistryKey',
'KeInitializeEvent',
'KeInitializeMutex',
'KeReleaseMutex',
'KeReleaseSpinLock',
'KeClearEvent',
'KeAcquireSpinLockRaiseToDpc',
'KeWaitForSingleObject',
'KeSetEvent',
'IoBuildSynchronousFsdRequest',
'IoInitializeIrp',
'IoFreeWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoAllocateWorkItem',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ObReferenceObjectByHandle',
'ExEventObjectType',
'IoDetachDevice',
'IoAttachDeviceToDeviceStack',
'wcsstr',
'IoRegisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'KeSynchronizeExecution',
'KeInitializeDpc',
'KeInsertQueueDpc',
'ExFreePoolWithTag',
'__C_specific_handler',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'PoRequestPowerIrp',
'swprintf',
'ZwCreateSection',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'IoCreateNotificationEvent',
'ExQueueWorkItem',
'KeSetTimer',
'KeCancelTimer',
'KeInitializeTimer',
'KeSetTimerEx',
'KeDelayExecutionThread',
'IoBuildDeviceIoControlRequest',
'RtlCopyUnicodeString',
'ExAllocatePoolWithTag',
'RtlIntegerToUnicodeString',
'RtlFreeUnicodeString',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlAppendUnicodeStringToString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCreateDevice',
'RtlWriteRegistryValue',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'sprintf',
'KeQueryTimeIncrement',
'IoUnregisterPlugPlayNotification',
'_purecall',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 95,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 928,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 13824,
'.rdata\x00\x00': 33792,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 254976,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/48cfe53b964beb5ba3f94fa557b3646fb002ff9c22a6b8456d31f143ec6bf376'},
'4916a86b6c2b4b141a1b50635ac115c776274bc7b177e6a2d6585775b15514a5': {'AddressOfEntryPoint': 36964,
'DebugRVA': 24768,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'PCIIDEX.SYS': 'AtaPortWriteRegisterUlong'},
'ImportedFunctions': ['AtaPortCopyMemory',
'AtaPortGetPhysicalAddress',
'AtaPortReadRegisterUlong',
'AtaPortInitializeEx',
'AtaPortDeviceStateChange',
'AtaPortEtwTraceLog',
'AtaPortRegistryFreeBuffer',
'AtaPortGetBusData',
'AtaPortRegistryRead',
'AtaPortRequestCallback',
'AtaPortStallExecution',
'AtaPortGetUnCachedExtension',
'AtaPortReadRegisterUchar',
'AtaPortBuildRequestSenseIrb',
'AtaPortReleaseRequestSenseIrb',
'AtaPortCompleteRequest',
'AtaPortNotification',
'AtaPortGetDeviceBase',
'AtaPortGetScatterGatherList',
'AtaPortRegistryAllocateBuffer',
'AtaPortWriteRegisterUlong',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 22,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1024,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 17408,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/4916a86b6c2b4b141a1b50635ac115c776274bc7b177e6a2d6585775b15514a5'},
'4919847f6e5f4ba757ab6b55f3599e8369f785b0c63b091b6e3051e0316acbfd': {'AddressOfEntryPoint': 33652,
'DebugRVA': 20944,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltCancelFileOpen',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoAttachDeviceToDeviceStackSafe',
'ZwReadFile',
'RtlCompareUnicodeString',
'RtlInitUnicodeString',
'ZwClose',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'KeBugCheckEx',
'ExInitializeNPagedLookasideList',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateWorkItem',
'ExFreePoolWithTag',
'ExAllocatePool',
'IoRegisterFsRegistrationChange',
'ExDeleteNPagedLookasideList',
'ExAllocatePoolWithTag',
'IoThreadToProcess',
'PsGetProcessId',
'IoUnregisterFsRegistrationChange',
'IoDetachDevice',
'ExQueueWorkItem',
'ZwWriteFile',
'KeReleaseSpinLock',
'IoQueueWorkItem',
'IoCreateDevice',
'ObfDereferenceObject',
'ZwQueryInformationProcess',
'IoFreeWorkItem',
'ZwOpenProcess',
'IoDeleteDevice',
'__C_specific_handler',
'FltClose',
'FltAttachVolume',
'FltCreateFile',
'FltGetVolumeFromName',
'FltSendMessage',
'FltFreeSecurityDescriptor',
'FltStartFiltering',
'FltGetVolumeFromDeviceObject',
'FltReleaseFileNameInformation',
'FltRegisterFilter',
'FltGetDeviceObject',
'FltObjectDereference',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCreateCommunicationPort',
'FltCloseCommunicationPort',
'FltEnumerateVolumes',
'FltUnregisterFilter',
'FltCloseClientPort',
'FltGetBottomInstance',
'FltGetFileNameInformation',
'FltCancelFileOpen'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 14336,
'INIT\x00\x00\x00\x00': 3072},
'StackReserveSize': 262144,
'filename': './data/malware/4919847f6e5f4ba757ab6b55f3599e8369f785b0c63b091b6e3051e0316acbfd'},
'491b05cb3f9adc92619272c191c9db67c6eddad4cdba8a179f5678749de800ac': {'AddressOfEntryPoint': 1074003813,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'CRYPT32.dll': 'CertOpenStore',
'KERNEL32.dll': 'GetConsoleMode',
'PSAPI.DLL': 'GetModuleFileNameExW',
'SHELL32.dll': 'ShellExecuteExW',
'SHLWAPI.dll': 'StrStrIW',
'USER32.dll': 'DdeUninitialize',
'VERSION.dll': 'VerQueryValueA',
'WINTRUST.dll': 'WTHelperProvDataFromStateData',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['DdeCreateStringHandleW',
'DdeDisconnect',
'DdeGetLastError',
'DdeClientTransaction',
'DdeFreeStringHandle',
'DdeInitializeW',
'WaitForInputIdle',
'DdeConnect',
'DdeUninitialize',
'ShellExecuteExW',
'GetModuleFileNameExW',
'RegQueryValueExA',
'RegDeleteKeyW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegOpenKeyExA',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegEnumKeyExW',
'RegCloseKey',
'StrStrIW',
'CoInitialize',
'CoCreateInstance',
'WTHelperGetProvSignerFromChain',
'WTHelperProvDataFromStateData',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'FlushFileBuffers',
'CloseHandle',
'GetLongPathNameW',
'WideCharToMultiByte',
'GetProcAddress',
'OpenProcess',
'GetModuleFileNameW',
'GetCurrentProcess',
'UnmapViewOfFile',
'MapViewOfFile',
'OpenFileMappingA',
'Sleep',
'ExpandEnvironmentStringsW',
'GetVersionExA',
'GetLastError',
'CreateProcessW',
'GetFileAttributesW',
'FindClose',
'FindFirstFileW',
'GetWindowsDirectoryW',
'FreeLibrary',
'LoadLibraryA',
'GetWindowsDirectoryA',
'MultiByteToWideChar',
'lstrlenA',
'lstrcmpA',
'SetLastError',
'LoadLibraryW',
'lstrlenW',
'GetFileType',
'CreateFileA',
'LocalFree',
'GetSystemTime',
'FormatMessageW',
'GetCurrentThreadId',
'OutputDebugStringA',
'ReadFile',
'SetFilePointer',
'GetACP',
'WriteFile',
'GetFileSize',
'CreateFileW',
'CreateMutexA',
'WaitForSingleObject',
'ReleaseMutex',
'InitializeCriticalSectionAndSpinCount',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'TlsGetValue',
'TlsSetValue',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'OpenThread',
'TlsAlloc',
'TlsFree',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'GetCurrentProcessId',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetFileSizeEx',
'SetFilePointerEx',
'DeviceIoControl',
'GetSystemTimeAsFileTime',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetCommandLineA',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapReAlloc',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetOEMCP',
'IsValidCodePage',
'GetModuleHandleW',
'ExitProcess',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'HeapSize',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'GetConsoleCP',
'GetConsoleMode',
'CertGetCertificateContextProperty',
'CertGetNameStringW',
'CertGetNameStringA',
'CryptMsgClose',
'CertCloseStore',
'CryptMsgUpdate',
'CryptMsgOpenToDecode',
'CertOpenStore'],
'LinkerVersion': 9,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 148,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 15664,
'SectionNames': {'!\x19\x04\x00c\x00\x00\x00': 15872,
'.data\x00\x00\x00': 8192,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 47104,
'.text\x00\x00\x00': 173056},
'StackReserveSize': 1048576,
'filename': './data/malware/491b05cb3f9adc92619272c191c9db67c6eddad4cdba8a179f5678749de800ac'},
'49290e5cb88e66762409c2bb3ec2463f44d9cd8d56020edf53f55a9b715a8d64': {'AddressOfEntryPoint': 3221233868,
'DebugRVA': 4656,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4194304,
'ImageVersion': 5,
'ImportedDLL': {'KERNEL32.dll': 'RtlCaptureContext',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA'},
'ImportedFunctions': ['GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetLastError',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'LoadLibraryA',
'Sleep',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'SetFilePointer',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'FlushFileBuffers',
'SetStdHandle',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'CloseHandle',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'UpdateDriverForPlugAndPlayDevicesA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 55,
'NumberOfSections': 3,
'OSVersion': 5,
'ResSize': 0,
'StackReserveSize': 524288,
'filename': './data/malware/49290e5cb88e66762409c2bb3ec2463f44d9cd8d56020edf53f55a9b715a8d64'},
'4a287131352410c1e0c0139a2bfe45989209f7aede866817d89e857ade8a7658': {'AddressOfEntryPoint': 1073793501,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'KERNEL32.dll': 'GetExitCodeProcess',
'USER32.dll': 'TranslateMessage',
'msvcp60.dll': '??0Init@ios_base@std@@QEAA@XZ',
'msvcrt.dll': '_c_exit',
'ntdll.dll': '__chkstk'},
'ImportedFunctions': ['memset',
'strstr',
'_strnicmp',
'memcpy',
'NtTerminateProcess',
'RtlUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'__C_specific_handler',
'__chkstk',
'GetStartupInfoA',
'lstrcpynA',
'lstrcpyA',
'CreateProcessA',
'CloseHandle',
'GetExitCodeProcess',
'MsgWaitForMultipleObjects',
'DispatchMessageA',
'PeekMessageA',
'LoadIconA',
'TranslateMessage',
'RegOpenKeyExA',
'RegQueryValueExA',
'??0_Winit@std@@QEAA@XZ',
'??1_Winit@std@@QEAA@XZ',
'??1Init@ios_base@std@@QEAA@XZ',
'??0Init@ios_base@std@@QEAA@XZ',
'__getmainargs',
'_initterm',
'__setusermatherr',
'exit',
'_cexit',
'_exit',
'_commode',
'_fmode',
'__set_app_type',
'_acmdln',
'strtok',
'__dllonexit',
'_onexit',
'_XcptFilter',
'_c_exit'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 43,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 43784,
'StackReserveSize': 1048576,
'filename': './data/malware/4a287131352410c1e0c0139a2bfe45989209f7aede866817d89e857ade8a7658'},
'4a923f5859ac948959e116870857e2cd7972167acdedef65fc7ecd373d4892a4': {'AddressOfEntryPoint': 1073825305,
'DebugRVA': 12976,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'OutputDebugStringW',
'MSVCR80.dll': '__CxxFrameHandler3',
'USER32.dll': 'LoadAcceleratorsW',
'ole32.dll': 'CLSIDFromProgID'},
'ImportedFunctions': ['GetTickCount',
'Sleep',
'LocalFree',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetStartupInfoW',
'OutputDebugStringW',
'RegisterClassExW',
'LoadStringW',
'EndDialog',
'EndPaint',
'BeginPaint',
'DefWindowProcW',
'DestroyWindow',
'DialogBoxParamW',
'SetTimer',
'KillTimer',
'UpdateWindow',
'ShowWindow',
'CreateWindowExW',
'PostQuitMessage',
'LoadCursorW',
'LoadIconW',
'DispatchMessageW',
'TranslateMessage',
'TranslateAcceleratorW',
'GetMessageW',
'LoadAcceleratorsW',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'CoUninitialize',
'CoCreateInstance',
'CoInitializeEx',
'CLSIDFromProgID',
'_lock',
'_wcsicmp',
'_CxxThrowException',
'_onexit',
'_decode_pointer',
'__dllonexit',
'_unlock',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'?terminate@@YAXXZ',
'__crt_debugger_hook',
'__set_app_type',
'_encode_pointer',
'_fmode',
'_commode',
'__setusermatherr',
'_configthreadlocale',
'??3@YAXPEAX@Z',
'_vswprintf',
'_amsg_exit',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'__CxxFrameHandler3'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 74,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 49116,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 6656,
'.text\x00\x00\x00': 7168,
'hW\x01\x00c\x00\x00\x00': 49152},
'StackReserveSize': 1048576,
'filename': './data/malware/4a923f5859ac948959e116870857e2cd7972167acdedef65fc7ecd373d4892a4'},
'4aac6b77c7c48d212ba41a231f62792100ef4b05e5087b9c1feb8a71e63f4e5a': {'AddressOfEntryPoint': 405692,
'DebugRVA': 4912,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 68728,
'SectionNames': {'.npdata\x00': 1024,
'.pdata\x00\x00': 17408,
'.rdata\x00\x00': 40448,
'.reloc\x00\x00': 4096,
'.rsrc\x00\x00\x00': 69120,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 301056,
'PAGED\x00\x00\x00': 31232},
'StackReserveSize': 262144,
'filename': './data/malware/4aac6b77c7c48d212ba41a231f62792100ef4b05e5087b9c1feb8a71e63f4e5a'},
'4af8f703ab6535ed70c03c6e98e1ad040589ceb79726a531d49a7acbac7ad624': {'AddressOfEntryPoint': 253888,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 352256,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'VirtualAlloc',
'OLEAUT32.dll': 'VariantCopy',
'SETUPAPI.dll': 'SetupFindFirstLineA',
'SHELL32.dll': 'ShellExecuteA',
'SHLWAPI.dll': 'PathIsUNCA',
'USER32.dll': 'SetMenuItemBitmaps',
'VERSION.dll': 'VerQueryValueA',
'WINSPOOL.DRV': 'OpenPrinterA',
'comdlg32.dll': 'GetFileTitleA',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA',
'ole32.dll': 'CoRevokeClassObject'},
'ImportedFunctions': ['SetupDiOpenDevRegKey',
'SetupCopyOEMInfA',
'SetupOpenInfFileA',
'SetupCloseInfFile',
'SetupGetTargetPathA',
'SetupFindNextLine',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_DevNode_Status_Ex',
'SetupGetStringFieldA',
'SetupFindFirstLineA',
'UpdateDriverForPlugAndPlayDevicesA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'GlobalFlags',
'GetThreadLocale',
'ReadFile',
'SetFilePointer',
'FlushFileBuffers',
'LockFile',
'UnlockFile',
'SetEndOfFile',
'GetFileSize',
'DuplicateHandle',
'GetVolumeInformationA',
'GetFullPathNameA',
'GetCPInfo',
'GetOEMCP',
'FileTimeToSystemTime',
'SetErrorMode',
'FileTimeToLocalFileTime',
'GetFileAttributesA',
'GetFileTime',
'GetTickCount',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'VirtualProtect',
'GetSystemInfo',
'VirtualQuery',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'GetStdHandle',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetACP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'SetHandleCount',
'GetFileType',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetTimeZoneInformation',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEnvironmentVariableA',
'WritePrivateProfileStringA',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'GlobalGetAtomNameA',
'GlobalFindAtomA',
'lstrcmpW',
'GetModuleFileNameW',
'FreeResource',
'GetCurrentProcessId',
'GlobalAddAtomA',
'GlobalDeleteAtom',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetLocaleInfoA',
'lstrcmpA',
'GlobalLock',
'GlobalUnlock',
'MulDiv',
'SetLastError',
'CreateThread',
'lstrcpyA',
'SetFileAttributesA',
'DeleteFileA',
'FindFirstFileA',
'FindClose',
'FindNextFileA',
'GetModuleFileNameA',
'GlobalAlloc',
'GlobalFree',
'GetCommandLineA',
'CreateProcessA',
'WaitForSingleObject',
'GetExitCodeProcess',
'Sleep',
'GetModuleHandleA',
'GetVersionExA',
'GetSystemDefaultLangID',
'GetUserDefaultLangID',
'CreateFileA',
'WriteFile',
'CloseHandle',
'GetWindowsDirectoryA',
'lstrcatA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'LocalAlloc',
'FormatMessageA',
'LocalFree',
'GetCurrentProcess',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'lstrlenA',
'CompareStringW',
'CompareStringA',
'GetVersion',
'GetLastError',
'WideCharToMultiByte',
'MultiByteToWideChar',
'VirtualAlloc',
'UnregisterClassA',
'DestroyMenu',
'RegisterClipboardFormatA',
'PostThreadMessageA',
'SetCapture',
'GetSysColorBrush',
'EndPaint',
'BeginPaint',
'GetWindowDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'ShowWindow',
'MoveWindow',
'SetWindowTextA',
'IsDialogMessageA',
'RegisterWindowMessageA',
'SendDlgItemMessageA',
'WinHelpA',
'IsChild',
'GetCapture',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'SetFocus',
'GetWindowTextA',
'GetForegroundWindow',
'GetTopWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'GetMessageTime',
'GetMessagePos',
'MessageBeep',
'UpdateWindow',
'GetMenu',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'GetSysColor',
'AdjustWindowRectEx',
'EqualRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowLongA',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindowRect',
'UnhookWindowsHookEx',
'GetWindow',
'SetWindowContextHelpId',
'MapDialogRect',
'SetWindowPos',
'ReleaseDC',
'GetDC',
'CopyRect',
'GetDesktopWindow',
'SetActiveWindow',
'CharUpperA',
'DrawIcon',
'SendMessageA',
'CreateDialogIndirectParamA',
'DestroyWindow',
'IsWindow',
'GetDlgItem',
'GetNextDlgTabItem',
'EndDialog',
'GetWindowThreadProcessId',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'SetWindowsHookExA',
'CallNextHookEx',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageA',
'GetCursorPos',
'ValidateRect',
'GetNextDlgGroupItem',
'InvalidateRgn',
'InvalidateRect',
'SetRect',
'IsRectEmpty',
'CopyAcceleratorTableA',
'CharNextA',
'MapWindowPoints',
'ReleaseCapture',
'IsIconic',
'GetClientRect',
'SetForegroundWindow',
'LoadIconA',
'EnableWindow',
'GetSystemMetrics',
'ExitWindowsEx',
'MessageBoxA',
'SetCursor',
'LoadCursorA',
'GetSubMenu',
'GetMenuItemCount',
'GetMenuItemID',
'GetMenuState',
'PostQuitMessage',
'PostMessageA',
'CheckMenuItem',
'EnableMenuItem',
'ModifyMenuA',
'GetParent',
'GetFocus',
'LoadBitmapA',
'GetMenuCheckMarkDimensions',
'SetMenuItemBitmaps',
'ExtSelectClipRgn',
'DeleteDC',
'GetStockObject',
'GetMapMode',
'GetBkColor',
'GetTextColor',
'GetRgnBox',
'SetMapMode',
'RestoreDC',
'SaveDC',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'CreateRectRgnIndirect',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'GetWindowExtEx',
'GetViewportExtEx',
'DeleteObject',
'GetFileTitleA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA',
'RegQueryValueA',
'RegEnumKeyA',
'RegDeleteKeyA',
'RegCreateKeyA',
'RegSetValueExA',
'RegQueryValueExA',
'RegOpenKeyA',
'RegDeleteValueA',
'RegOpenKeyExA',
'RegEnumKeyExA',
'RegCloseKey',
'OpenProcessToken',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'RegCreateKeyExA',
'ShellExecuteA',
'PathFindExtensionA',
'PathFindFileNameA',
'PathStripToRootA',
'SHDeleteKeyA',
'PathIsUNCA',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoGetClassObject',
'CLSIDFromString',
'CLSIDFromProgID',
'CoTaskMemAlloc',
'CoTaskMemFree',
'OleUninitialize',
'CoFreeUnusedLibraries',
'OleInitialize',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'OleIsCurrentClipboard',
'CoRevokeClassObject',
'SysFreeString',
'SysAllocStringLen',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SysStringLen',
'SysAllocStringByteLen',
'OleCreateFontIndirect',
'VariantTimeToSystemTime',
'SystemTimeToVariantTime',
'SafeArrayDestroy',
'SysAllocString',
'VariantCopy'],
'LinkerVersion': 8,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 373,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1165144,
'SectionNames': {'.data\x00\x00\x00': 13824,
'.pdata\x00\x00': 24576,
'.rdata\x00\x00': 119296,
'.rsrc\x00\x00\x00': 1165312,
'.text\x00\x00\x00': 347648},
'StackReserveSize': 1048576,
'filename': './data/malware/4af8f703ab6535ed70c03c6e98e1ad040589ceb79726a531d49a7acbac7ad624'},
'4b18da73cd54b742d727f1b3b70fc64942de916ce0ea7d4139d22f4625de4645': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/4b18da73cd54b742d727f1b3b70fc64942de916ce0ea7d4139d22f4625de4645'},
'4b918308a9548fef214a00d9d332378a92132d9247d3a2f0e9230ec59137f4eb': {'AddressOfEntryPoint': 1073843965,
'DebugRVA': 51184,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExA',
'KERNEL32.dll': 'WideCharToMultiByte',
'MSVCR80.dll': '_initterm_e',
'OLEAUT32.dll': 'VariantClear',
'USER32.dll': 'CharUpperA',
'WINSPOOL.DRV': 'GetPrinterA',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'__crt_debugger_hook',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__getmainargs',
'_amsg_exit',
'_decode_pointer',
'_onexit',
'_lock',
'__dllonexit',
'_encode_pointer',
'_unlock',
'__C_specific_handler',
'wcslen',
'strncmp',
'strtod',
'_stricmp',
'strstr',
'_recalloc',
'calloc',
'wcscpy_s',
'memcpy',
'strrchr',
'_strlwr',
'_resetstkoflw',
'fopen',
'fprintf',
'malloc',
'strtoul',
'__CxxFrameHandler3',
'vsprintf',
'memset',
'_wcsicmp',
'_setmbcp',
'fclose',
'fwrite',
'_wfopen',
'free',
'_initterm_e',
'GetVersion',
'lstrlenW',
'CompareStringA',
'CompareStringW',
'lstrcmpiA',
'lstrcmpiW',
'GetEnvironmentVariableA',
'GetEnvironmentVariableW',
'GetStringTypeExA',
'GetStringTypeExW',
'Sleep',
'GetStartupInfoA',
'GetLastError',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'lstrlenA',
'MultiByteToWideChar',
'TerminateProcess',
'OutputDebugStringA',
'GetACP',
'GetLocaleInfoA',
'GetThreadLocale',
'GetVersionExA',
'WideCharToMultiByte',
'EnableWindow',
'CharUpperW',
'PostThreadMessageA',
'KillTimer',
'SetTimer',
'CharLowerA',
'CharLowerW',
'CharUpperA',
'ClosePrinter',
'OpenPrinterA',
'GetPrinterA',
'RegQueryValueExA',
'RegCloseKey',
'RegOpenKeyExA',
'CoInitialize',
'CoCreateInstance',
'SysFreeString',
'VariantInit',
'SysAllocString',
'VariantClear'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 104,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1880,
'StackReserveSize': 1048576,
'filename': './data/malware/4b918308a9548fef214a00d9d332378a92132d9247d3a2f0e9230ec59137f4eb'},
'4bdf030e2a349281208f8913ebd504a14b7245f5490b6dcec6037dbd0e6a6983': {'AddressOfEntryPoint': 42125596,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 39935056,
'ExportSize': 53012,
'IATRVA': 39930088,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryInfoKeyA',
'COMCTL32.dll': 'InitCommonControlsEx',
'COMDLG32.dll': 'GetOpenFileNameA',
'GDI32.dll': 'GetStockObject',
'KERNEL32.dll': 'ExitProcess',
'NETAPI32.dll': 'Netbios',
'OLEAUT32.dll': 'VariantChangeType',
'SHELL32.dll': 'ShellExecuteA',
'SHLWAPI.dll': 'StrCatW',
'USER32.dll': 'MessageBoxA',
'WININET.dll': 'InternetCloseHandle',
'WS2_32.dll': 'connect',
'd3d9.dll': 'Direct3DCreate9',
'd3dx9_38.dll': 'D3DXGetShaderConstantTable',
'ole32.dll': 'CoInitializeEx',
'tbb.dll': '?allocate@allocate_child_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z',
'tbbmalloc.dll': 'scalable_malloc'},
'ImportedFunctions': ['connect',
'StrCatW',
'CreateDirectoryA',
'SetCursorPos',
'GetStockObject',
'GetOpenFileNameA',
'RegQueryInfoKeyA',
'ShellExecuteA',
'CoInitializeEx',
'VariantChangeType',
'scalable_malloc',
'?allocate@allocate_child_proxy@internal@tbb@@QEBAAEAVtask@3@_K@Z',
'Netbios',
'InitCommonControlsEx',
'Direct3DCreate9',
'D3DXGetShaderConstantTable',
'InternetCloseHandle',
'MessageBoxA',
'GetModuleHandleA',
'LoadLibraryA',
'LocalAlloc',
'LocalFree',
'GetModuleFileNameA',
'ExitProcess'],
'LinkerVersion': 9,
'NumberOfImportDLL': 19,
'NumberOfImportFunctions': 24,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 357608,
'SectionNames': {'.data\x00\x00\x00': 0,
'.data1\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.rsrc\x00\x00\x00': 38400,
'.text\x00\x00\x00': 0,
'.tls\x00\x00\x00\x00': 512,
'.vmp0\x00\x00\x00': 0,
'.vmp1\x00\x00\x00': 11187712},
'StackReserveSize': 1048576,
'filename': './data/malware/4bdf030e2a349281208f8913ebd504a14b7245f5490b6dcec6037dbd0e6a6983'},
'4c35825542adb5df5ce569fe4131a28052cd3faf32d4ea8f3d494f2e54f8a965': {'AddressOfEntryPoint': 1078685393,
'DebugRVA': 726688,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 716800,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'CRYPT32.dll': 'CryptStringToBinaryW',
'GDI32.dll': 'GetBitmapBits',
'IPHLPAPI.DLL': 'GetAdaptersInfo',
'KERNEL32.dll': 'RtlCaptureContext',
'MPR.dll': 'WNetCloseEnum',
'MSIMG32.dll': 'TransparentBlt',
'MSVCP90.dll': '?_Lockit_ctor@_Lockit@std@@SAXH@Z',
'MSVCR90.dll': 'strncpy',
'NETAPI32.dll': 'NetShareAdd',
'OLEAUT32.dll': 'SysStringByteLen',
'RASAPI32.dll': 'RasEnumEntriesW',
'RPCRT4.dll': 'RpcStringFreeW',
'SHELL32.dll': 'ShellExecuteW',
'SHLWAPI.dll': 'SHDeleteKeyW',
'USER32.dll': 'GetWindowRect',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'HttpOpenRequestW',
'WINSPOOL.DRV': 'EnumPrintersW',
'WS2_32.dll': 'WSAGetLastError',
'eappcfg.dll': 'EapHostPeerFreeMemory',
'mscoree.dll': '_CorExeMain',
'msvcm90.dll': '?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z',
'ole32.dll': 'CoCreateGuid'},
'ImportedFunctions': ['_time64',
'wcscpy_s',
'wcsncpy',
'memmove_s',
'__RTDynamicCast',
'_mktime64',
'wcstok',
'_wtoi',
'_CxxThrowException',
'_invalid_parameter_noinfo',
'??0exception@std@@QEAA@XZ',
'??0exception@std@@QEAA@AEBQEBD@Z',
'_wcsdup',
'_vswprintf',
'free',
'??1exception@std@@UEAA@XZ',
'__CxxQueryExceptionSize',
'__CxxExceptionFilter',
'__CxxRegisterExceptionObject',
'__CxxDetectRethrow',
'__CxxUnregisterExceptionObject',
'fclose',
'isdigit',
'vswprintf_s',
'?what@exception@std@@UEBAPEBDXZ',
'??0exception@std@@QEAA@AEBV01@@Z',
'fread',
'__CxxFrameHandler3',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'_encode_pointer',
'__set_app_type',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'_wfopen',
'wcsstr',
'fwrite',
'fsetpos',
'fseek',
'fgetpos',
'_stricmp',
'fflush',
'wcsftime',
'_localtime64_s',
'_wcsupr',
'wcstoul',
'memcpy_s',
'strtoul',
'srand',
'rand',
'malloc',
'_wcsnicmp',
'qsort',
'_purecall',
'wcscat_s',
'fgetws',
'isxdigit',
'_amsg_exit',
'__crt_debugger_hook',
'mbstowcs',
'_encoded_null',
'abort',
'__FrameUnwindFilter',
'wcschr',
'_itow_s',
'memmove',
'strcpy_s',
'_waccess',
'ceilf',
'isalpha',
'strncpy',
'LoadLibraryW',
'FreeLibrary',
'SetProcessShutdownParameters',
'GetProcAddress',
'SetConsoleCtrlHandler',
'GetStdHandle',
'AllocConsole',
'GetModuleFileNameW',
'CreateMutexW',
'CreateDirectoryW',
'FindResourceW',
'LoadResource',
'GetLastError',
'WinExec',
'GetProcessShutdownParameters',
'GetWindowsDirectoryW',
'GetTempPathW',
'GetModuleHandleW',
'GetDateFormatW',
'lstrcmpiW',
'GetVersionExW',
'LockResource',
'GlobalAddAtomW',
'GetFileAttributesW',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'Sleep',
'lstrcpyW',
'InitializeCriticalSection',
'DeleteCriticalSection',
'SetEvent',
'WaitForSingleObject',
'GetTempFileNameW',
'WideCharToMultiByte',
'MoveFileExW',
'ResumeThread',
'TerminateThread',
'GetExitCodeThread',
'SleepEx',
'SetLastError',
'lstrcpynW',
'FreeResource',
'FindResourceExW',
'GetUserDefaultLangID',
'EnumResourceNamesW',
'SetThreadLocale',
'GetThreadLocale',
'LeaveCriticalSection',
'EnterCriticalSection',
'MultiByteToWideChar',
'lstrlenW',
'FormatMessageW',
'WriteConsoleInputW',
'FlushConsoleInputBuffer',
'CloseHandle',
'OpenMutexW',
'GetCurrentProcess',
'GetExitCodeProcess',
'CreateProcessW',
'GetSystemDirectoryW',
'LocalFree',
'ExpandEnvironmentStringsW',
'CreateEventW',
'LocalAlloc',
'SetFileAttributesW',
'GetComputerNameW',
'GlobalFree',
'GlobalAlloc',
'ReadFile',
'GetFileSize',
'CreateFileW',
'lstrlenA',
'GetShortPathNameW',
'HeapAlloc',
'HeapFree',
'GetProcessHeap',
'GetConsoleWindow',
'ResetEvent',
'WaitForMultipleObjects',
'lstrcmpW',
'GetDriveTypeW',
'GetOverlappedResult',
'LoadLibraryA',
'ExpandEnvironmentStringsA',
'TerminateProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'CallWindowProcW',
'SetWindowLongPtrW',
'DeleteMenu',
'AppendMenuW',
'EnableMenuItem',
'GetMenuItemCount',
'GetSubMenu',
'ModifyMenuW',
'SetForegroundWindow',
'GetCursorPos',
'BroadcastSystemMessageW',
'CheckMenuItem',
'IsIconic',
'EqualRect',
'FrameRect',
'RegisterWindowMessageW',
'DrawFocusRect',
'GetClientRect',
'GetClassInfoW',
'EnableScrollBar',
'ScrollWindow',
'SetParent',
'GetWindowLongPtrW',
'InflateRect',
'LoadBitmapW',
'CreatePopupMenu',
'ScreenToClient',
'ReleaseDC',
'GetDCEx',
'RegisterHotKey',
'SetCapture',
'MessageBeep',
'SystemParametersInfoW',
'ReleaseCapture',
'GetSystemMetrics',
'PtInRect',
'UnionRect',
'DrawEdge',
'DrawFrameControl',
'ClientToScreen',
'GetDC',
'IsWindowVisible',
'GetFocus',
'TabbedTextOutW',
'DrawTextW',
'DrawTextExW',
'GrayStringW',
'GetSysColor',
'GetMessagePos',
'GetWindow',
'GetWindowLongW',
'SetMenuItemInfoW',
'LoadStringW',
'GetMenuState',
'IsMenu',
'ShowWindow',
'PostThreadMessageW',
'PostMessageW',
'IsWindow',
'CharUpperW',
'CopyIcon',
'SetCursor',
'UnregisterHotKey',
'PostQuitMessage',
'LoadCursorW',
'InvalidateRect',
'GetParent',
'LoadMenuW',
'KillTimer',
'SetTimer',
'LoadIconW',
'GetDesktopWindow',
'PeekMessageW',
'TranslateMessage',
'UpdateWindow',
'SendMessageW',
'DispatchMessageW',
'SetWindowPos',
'BringWindowToTop',
'EnableWindow',
'RedrawWindow',
'GetWindowRect',
'CryptGetUserKey',
'RegEnumValueW',
'RegEnumKeyExW',
'GetUserNameW',
'FreeSid',
'LookupAccountSidW',
'AllocateAndInitializeSid',
'RegQueryValueExW',
'RegSetValueExW',
'RegDeleteKeyW',
'RegDeleteValueW',
'RegNotifyChangeKeyValue',
'RegQueryInfoKeyW',
'RegCreateKeyExW',
'CryptSetProvParam',
'CryptGetProvParam',
'CryptDestroyKey',
'CryptReleaseContext',
'CryptGenKey',
'RegCloseKey',
'CryptAcquireContextW',
'CryptDestroyHash',
'CryptDecrypt',
'CryptEncrypt',
'CryptDeriveKey',
'CryptHashData',
'CryptCreateHash',
'IsTextUnicode',
'SetSecurityDescriptorDacl',
'InitializeSecurityDescriptor',
'SetEntriesInAclW',
'LogonUserW',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegOpenKeyExW',
'SysAllocStringByteLen',
'VariantCopy',
'SysFreeString',
'SysStringByteLen',
'GetInterfaceInfo',
'IpReleaseAddress',
'IpRenewAddress',
'GetAdaptersAddresses',
'GetIfEntry',
'NotifyAddrChange',
'GetAdaptersInfo',
'EapHostPeerGetMethods',
'EapHostPeerFreeErrorMemory',
'EapHostPeerFreeMemory',
'UuidToStringW',
'UuidFromStringW',
'RpcStringFreeW',
'CryptBinaryToStringW',
'CryptStringToBinaryW',
'RasHangUpW',
'RasEnumConnectionsW',
'RasGetConnectStatusW',
'RasGetErrorStringW',
'RasDialW',
'RasGetEntryDialParamsW',
'RasGetEntryPropertiesW',
'RasEnumEntriesW',
'NetLocalGroupGetMembers',
'NetShareDel',
'NetApiBufferFree',
'NetShareEnum',
'NetShareAdd',
'WNetCancelConnection2W',
'WNetGetUserW',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetOpenEnumW',
'WNetEnumResourceW',
'WNetCloseEnum',
'BitBlt',
'CreateDIBitmap',
'CreateFontIndirectW',
'GetStockObject',
'CreatePen',
'CreateSolidBrush',
'CreateHatchBrush',
'CreateCompatibleBitmap',
'GetROP2',
'GetDeviceCaps',
'CreateCompatibleDC',
'Polygon',
'Rectangle',
'StretchBlt',
'CreateRectRgn',
'CreatePalette',
'SetPixel',
'GetBkColor',
'GetCurrentObject',
'PtVisible',
'RectVisible',
'TextOutW',
'ExtTextOutW',
'Escape',
'GetTextExtentPoint32W',
'RealizePalette',
'GetObjectW',
'GetBitmapBits',
'TransparentBlt',
'EnumPrintersW',
'SHGetSpecialFolderPathW',
'Shell_NotifyIconW',
'ShellExecuteW',
'SHDeleteKeyW',
'CoTaskMemFree',
'StringFromCLSID',
'CoCreateGuid',
'?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z',
'?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z',
'?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z',
'?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z',
'?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ',
'?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z',
'GetFileVersionInfoW',
'VerQueryValueW',
'GetFileVersionInfoSizeW',
'??0?$allocator@_W@std@@QEAA@AEBV01@@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'?_Decref@facet@locale@std@@QEAAPEAV123@XZ',
'?_Lockit_dtor@_Lockit@std@@SAXH@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'?_Lockit_ctor@_Lockit@std@@SAXH@Z',
'WSAStartup',
'socket',
'setsockopt',
'gethostbyaddr',
'closesocket',
'recvfrom',
'sendto',
'gethostbyname',
'inet_addr',
'inet_ntoa',
'select',
'WSAAddressToStringW',
'WSAGetLastError',
'InternetCloseHandle',
'InternetReadFile',
'InternetConnectW',
'HttpEndRequestW',
'InternetOpenW',
'HttpQueryInfoW',
'InternetErrorDlg',
'HttpSendRequestA',
'InternetQueryOptionW',
'InternetOpenUrlW',
'HttpSendRequestW',
'InternetWriteFile',
'HttpSendRequestExW',
'HttpOpenRequestW',
'_CorExeMain'],
'LinkerVersion': 9,
'NumberOfImportDLL': 26,
'NumberOfImportFunctions': 420,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 1963632,
'StackReserveSize': 1048576,
'filename': './data/malware/4c35825542adb5df5ce569fe4131a28052cd3faf32d4ea8f3d494f2e54f8a965'},
'4d29729cbcff4cfa719e6fec77c13da0de3f1188cd581e969b65acea30484a07': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 206576,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 206848,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/4d29729cbcff4cfa719e6fec77c13da0de3f1188cd581e969b65acea30484a07'},
'4d5be389a9743f18c109994086148154257ff7827b16ddd87752853887eb73f7': {'AddressOfEntryPoint': 5220,
'DebugRVA': 4480,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['GetLastError',
'CloseHandle',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetExitCodeProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetSystemDirectoryW',
'WaitForSingleObject',
'ExitProcess',
'CreateProcessW',
'GetCommandLineW',
'TerminateProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'LoadResource',
'HeapAlloc',
'HeapFree',
'CreateDirectoryW',
'GetProcessHeap',
'WriteFile',
'SizeofResource',
'CreateFileW',
'GetCurrentDirectoryW',
'LockResource',
'SetCurrentDirectoryW',
'DeleteFileW',
'SetFileAttributesW',
'RegOpenKeyExW',
'RegSetValueExW',
'RegCloseKey',
'RegQueryValueExW',
'RegCreateKeyExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 44,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 222248,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 222720,
'.text\x00\x00\x00': 6144},
'StackReserveSize': 524288,
'filename': './data/malware/4d5be389a9743f18c109994086148154257ff7827b16ddd87752853887eb73f7'},
'4d7d445f825db745c750e397dfbd3ff556697f1491a8c8102b0941f901857e07': {'AddressOfEntryPoint': 1074606557,
'DebugRVA': 343232,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 339968,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'SetTextColor',
'KERNEL32.dll': 'HeapFree',
'OLEAUT32.dll': 'VariantChangeType',
'SHELL32.dll': 'Shell_NotifyIconA',
'SHLWAPI.dll': 'PathFindFileNameA',
'USER32.dll': 'SetWindowPos',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'WINMM.dll': 'waveOutOpen',
'WINSPOOL.DRV': 'DocumentPropertiesA'},
'ImportedFunctions': ['waveOutClose',
'waveInOpen',
'waveInStart',
'waveInStop',
'waveInClose',
'waveOutReset',
'waveOutUnprepareHeader',
'waveInReset',
'waveInPrepareHeader',
'waveInUnprepareHeader',
'waveInAddBuffer',
'waveOutWrite',
'waveOutPrepareHeader',
'waveOutOpen',
'GetFileVersionInfoA',
'VerQueryValueA',
'GetFileVersionInfoSizeA',
'PathFindExtensionA',
'PathFindFileNameA',
'TlsFree',
'GlobalFlags',
'GetCPInfo',
'GetOEMCP',
'GetThreadLocale',
'GetCurrentDirectoryA',
'ReadFile',
'WriteFile',
'SetFilePointer',
'FlushFileBuffers',
'GetFullPathNameA',
'SetErrorMode',
'GetSystemTimeAsFileTime',
'HeapAlloc',
'HeapReAlloc',
'DeleteCriticalSection',
'GetCommandLineA',
'GetProcessHeap',
'GetStartupInfoA',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'ExitProcess',
'ExitThread',
'CreateThread',
'HeapSize',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'GetACP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'LCMapStringA',
'LCMapStringW',
'HeapSetInformation',
'HeapCreate',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'QueryPerformanceCounter',
'GetTickCount',
'GetTimeZoneInformation',
'GetDriveTypeA',
'GetConsoleCP',
'GetConsoleMode',
'GetStringTypeA',
'GetStringTypeW',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEnvironmentVariableA',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalAlloc',
'GetPrivateProfileStringA',
'WritePrivateProfileStringA',
'SuspendThread',
'SetEvent',
'GetCurrentThread',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetLocaleInfoA',
'lstrcmpA',
'GetModuleFileNameW',
'GetCurrentProcessId',
'GlobalAlloc',
'FormatMessageA',
'LocalFree',
'MulDiv',
'FindFirstFileA',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'FindNextFileA',
'FindClose',
'GlobalLock',
'GlobalUnlock',
'GlobalFree',
'FreeResource',
'GetCurrentThreadId',
'GlobalGetAtomNameA',
'GlobalAddAtomA',
'GlobalFindAtomA',
'GlobalDeleteAtom',
'FreeLibrary',
'SetLastError',
'lstrcmpW',
'MultiByteToWideChar',
'CompareStringW',
'CompareStringA',
'GetVersion',
'ResetEvent',
'CreateEventA',
'SetThreadPriority',
'ResumeThread',
'WaitForSingleObject',
'TerminateThread',
'Sleep',
'DeviceIoControl',
'CloseHandle',
'CreateFileA',
'lstrcpyA',
'GetUserDefaultUILanguage',
'GetSystemDefaultLangID',
'EnumUILanguagesA',
'GetCurrentProcess',
'IsWow64Process',
'GetNativeSystemInfo',
'GetVersionExA',
'FindResourceExA',
'GetModuleFileNameA',
'GetModuleHandleA',
'GetProcAddress',
'LoadLibraryA',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'WideCharToMultiByte',
'GetLastError',
'lstrlenA',
'CreateProcessA',
'HeapFree',
'GrayStringA',
'GetDC',
'ReleaseDC',
'GetWindowDC',
'BeginPaint',
'EndPaint',
'GetWindowThreadProcessId',
'PostQuitMessage',
'ValidateRect',
'TranslateMessage',
'GetMessageA',
'SetCursor',
'DestroyMenu',
'WindowFromPoint',
'GetSysColorBrush',
'LoadCursorA',
'UnregisterClassA',
'DrawTextExA',
'TabbedTextOutA',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'ModifyMenuA',
'GetMenuState',
'EnableMenuItem',
'CheckMenuItem',
'GetDesktopWindow',
'GetActiveWindow',
'CreateDialogIndirectParamA',
'GetNextDlgTabItem',
'EndDialog',
'IsWindowEnabled',
'ShowWindow',
'SetWindowTextA',
'IsDialogMessageA',
'SendDlgItemMessageA',
'WinHelpA',
'GetCapture',
'SetWindowsHookExA',
'CallNextHookEx',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'GetWindowTextLengthA',
'GetWindowTextA',
'GetForegroundWindow',
'GetLastActivePopup',
'SetActiveWindow',
'DispatchMessageA',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'PeekMessageA',
'MapWindowPoints',
'TrackPopupMenu',
'GetKeyState',
'IsWindowVisible',
'UpdateWindow',
'GetMenu',
'GetMenuItemID',
'GetMenuItemCount',
'MessageBoxA',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'AdjustWindowRectEx',
'GetParent',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'GetWindow',
'MoveWindow',
'SetWindowPlacement',
'GetWindowPlacement',
'OffsetRect',
'IsWindow',
'DrawIcon',
'GetSubMenu',
'GetSystemMetrics',
'IsIconic',
'LoadIconA',
'SetWindowRgn',
'SetMenuDefaultItem',
'SystemParametersInfoA',
'IntersectRect',
'CopyRect',
'SetTimer',
'KillTimer',
'InflateRect',
'GetSysColor',
'SetRect',
'LoadMenuA',
'LoadMenuIndirectA',
'FindWindowA',
'ReleaseCapture',
'PtInRect',
'GetCursorPos',
'SetCapture',
'GetClientRect',
'FillRect',
'ScreenToClient',
'DrawTextA',
'ClientToScreen',
'DrawFocusRect',
'GetFocus',
'SendMessageA',
'InvalidateRect',
'LoadBitmapA',
'GetWindowRect',
'RegisterWindowMessageA',
'SetWindowLongA',
'PostMessageA',
'GetWindowLongA',
'BringWindowToTop',
'SetForegroundWindow',
'EnableWindow',
'SetFocus',
'SetWindowPos',
'SelectObject',
'CreatePolygonRgn',
'GetClipBox',
'PtVisible',
'RectVisible',
'TextOutA',
'ExtTextOutA',
'Escape',
'SetViewportOrgEx',
'OffsetViewportOrgEx',
'SetViewportExtEx',
'ScaleViewportExtEx',
'SetWindowExtEx',
'ScaleWindowExtEx',
'CreateFontIndirectA',
'DeleteDC',
'GetStockObject',
'CreatePen',
'CreateSolidBrush',
'GetTextExtentPoint32A',
'CreateCompatibleDC',
'GetMapMode',
'CreateCompatibleBitmap',
'CreateBitmap',
'BitBlt',
'CreateBitmapIndirect',
'SetPixel',
'GetObjectA',
'GetPixel',
'DeleteObject',
'MoveToEx',
'LineTo',
'SetMapMode',
'SetBkMode',
'RestoreDC',
'SaveDC',
'GetDeviceCaps',
'SetBkColor',
'SetTextColor',
'OpenPrinterA',
'ClosePrinter',
'DocumentPropertiesA',
'RegQueryValueA',
'RegEnumKeyA',
'RegDeleteKeyA',
'RegCreateKeyA',
'RegOpenKeyA',
'RegSetValueExA',
'RegQueryValueExA',
'RegCloseKey',
'RegDeleteValueA',
'RegOpenKeyExA',
'RegCreateKeyExA',
'Shell_NotifyIconA',
'VariantClear',
'VariantInit',
'VariantChangeType'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 343,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 390728,
'StackReserveSize': 1048576,
'filename': './data/malware/4d7d445f825db745c750e397dfbd3ff556697f1491a8c8102b0941f901857e07'},
'4db151037e5548c12cb6faa218e9a6adec7330ae96418bbd15c8d912f544fc73': {'AddressOfEntryPoint': 1074630462,
'DebugRVA': 64784,
'DebugSize': 56,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetUserNameW',
'KERNEL32.dll': 'EnterCriticalSection',
'MSVCP90.dll': '??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'MSVCR90.dll': '_XcptFilter',
'PSAPI.DLL': 'GetModuleBaseNameW',
'USER32.dll': 'UnloadKeyboardLayout',
'USERENV.dll': 'GetUserProfileDirectoryW',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['EnumWindows',
'GetWindowThreadProcessId',
'FindWindowW',
'PostMessageW',
'LoadKeyboardLayoutW',
'SystemParametersInfoW',
'EnumDesktopWindows',
'OpenDesktopW',
'GetForegroundWindow',
'GetClassNameW',
'CloseDesktop',
'UnloadKeyboardLayout',
'GetUserProfileDirectoryW',
'GetSidSubAuthority',
'GetSidSubAuthorityCount',
'IsValidSid',
'GetTokenInformation',
'DeregisterEventSource',
'ReportEventW',
'RegisterEventSourceW',
'OpenProcessToken',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'RegCreateKeyExW',
'RegSetValueExW',
'RegEnumKeyExW',
'RegDeleteValueW',
'RegEnumValueW',
'RegQueryInfoKeyW',
'RegFlushKey',
'GetUserNameW',
'GetCurrentProcessId',
'GetFileAttributesW',
'lstrlenW',
'GetCurrentProcess',
'CompareStringW',
'CloseHandle',
'WriteFile',
'lstrlenA',
'SetFilePointer',
'CreateFileW',
'WideCharToMultiByte',
'GetModuleFileNameW',
'FormatMessageW',
'GetLastError',
'GetVersionExW',
'GetUserDefaultLCID',
'GetSystemDefaultLCID',
'WaitForSingleObject',
'CreateProcessW',
'GetSystemDirectoryW',
'GetProcAddress',
'GetModuleHandleW',
'Sleep',
'OpenProcess',
'FreeLibrary',
'LoadLibraryW',
'GetTempPathW',
'GetTickCount',
'QueryPerformanceCounter',
'VirtualProtect',
'GetCurrentThreadId',
'ExpandEnvironmentStringsW',
'LeaveCriticalSection',
'GetSystemTimeAsFileTime',
'GetProcessHeap',
'HeapFree',
'HeapAlloc',
'GetStartupInfoW',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'InitializeCriticalSection',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'LocalFree',
'DeleteCriticalSection',
'EnterCriticalSection',
'CoInitialize',
'CoUninitialize',
'StringFromGUID2',
'CoCreateInstance',
'EnumProcessModules',
'GetModuleBaseNameW',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'_exit',
'__set_app_type',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'wcscpy_s',
'__C_specific_handler',
'__wgetmainargs',
'_amsg_exit',
'vswprintf_s',
'??_U@YAPEAX_K@Z',
'wcstok_s',
'??_V@YAXPEAX@Z',
'_wtoi',
'_wcsicmp',
'swscanf_s',
'memmove_s',
'wcscat_s',
'_encode_pointer',
'swprintf_s',
'memcpy',
'??2@YAPEAX_K@Z',
'??0exception@std@@QEAA@AEBV01@@Z',
'_CxxThrowException',
'??0exception@std@@QEAA@XZ',
'__CxxFrameHandler3',
'??1exception@std@@UEAA@XZ',
'?what@exception@std@@UEBAPEBDXZ',
'??0exception@std@@QEAA@AEBQEBD@Z',
'??3@YAXPEAX@Z',
'memset',
'_vsnwprintf_s',
'wcsncpy_s',
'wcsncat_s',
'_invalid_parameter_noinfo',
'_XcptFilter',
'??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z',
'?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z',
'??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ',
'??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z',
'?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ',
'?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ',
'??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z'],
'LinkerVersion': 9,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 150,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1920,
'StackReserveSize': 1048576,
'filename': './data/malware/4db151037e5548c12cb6faa218e9a6adec7330ae96418bbd15c8d912f544fc73'},
'4e5ea8c3edd23c80f3b4bfe53d129529f492f5b3859b4b9835d8dab8f1b37941': {'AddressOfEntryPoint': 1073770461,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 20480,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'GetShortPathNameA',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'SHGetSpecialFolderPathA',
'USER32.dll': 'wsprintfA',
'msvcrt.dll': '_fmode',
'ole32.dll': 'CLSIDFromProgID'},
'ImportedFunctions': ['_onexit',
'__C_specific_handler',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'exit',
'_acmdln',
'__dllonexit',
'memset',
'atoi',
'_splitpath',
'atol',
'__CxxFrameHandler',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_setmbcp',
'__set_app_type',
'_fmode',
'DeleteFileA',
'GetProfileIntA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetModuleFileNameA',
'GetPrivateProfileStringA',
'CreateDirectoryA',
'GetTempPathA',
'GetTempFileNameA',
'lstrcpyA',
'lstrcatA',
'lstrlenA',
'GetCurrentDirectoryA',
'SearchPathA',
'CopyFileA',
'GetLastError',
'lstrcpynA',
'GetVersionExA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetStartupInfoA',
'TerminateProcess',
'WaitForSingleObject',
'GetExitCodeProcess',
'CreateProcessA',
'GetFileAttributesA',
'lstrcmpA',
'GetShortPathNameA',
'EnableWindow',
'LoadIconA',
'GetClientRect',
'IsIconic',
'SendMessageA',
'DrawIcon',
'MessageBoxA',
'GetSystemMetrics',
'wsprintfA',
'RegSetValueExA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'ShellExecuteA',
'ShellExecuteExA',
'SHGetSpecialFolderPathA',
'CoCreateInstance',
'CLSIDFromProgID',
'SysFreeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 79,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 2864,
'StackReserveSize': 1048576,
'filename': './data/malware/4e5ea8c3edd23c80f3b4bfe53d129529f492f5b3859b4b9835d8dab8f1b37941'},
'4e81aa5a0a2567ff616f7099774d742e22866dd010c3a850290f13124009de78': {'AddressOfEntryPoint': 78608,
'DebugRVA': 252508,
'DebugSize': 56,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 253952,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'API-MS-Win-Core-ErrorHandling-L1-1-0.dll': 'UnhandledExceptionFilter',
'API-MS-Win-Core-File-L1-1-0.dll': 'FindNextFileW',
'API-MS-Win-Core-Handle-L1-1-0.dll': 'CloseHandle',
'API-MS-Win-Core-Heap-L1-1-0.dll': 'HeapSetInformation',
'API-MS-Win-Core-IO-L1-1-0.dll': 'DeviceIoControl',
'API-MS-Win-Core-LibraryLoader-L1-1-0.dll': 'LoadStringW',
'API-MS-Win-Core-LocalRegistry-L1-1-0.dll': 'RegSetValueExW',
'API-MS-Win-Core-Misc-L1-1-0.dll': 'lstrlenW',
'API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll': 'ExpandEnvironmentStringsW',
'API-MS-Win-Core-ProcessThreads-L1-1-0.dll': 'GetProcessTimes',
'API-MS-Win-Core-Profile-L1-1-0.dll': 'QueryPerformanceCounter',
'API-MS-Win-Core-String-L1-1-0.dll': 'CompareStringW',
'API-MS-Win-Core-Synch-L1-1-0.dll': 'OpenProcess',
'API-MS-Win-Core-SysInfo-L1-1-0.dll': 'GetSystemTime',
'API-MS-Win-Security-Base-L1-1-0.dll': 'SetTokenInformation',
'API-MS-Win-Security-LSALookup-L1-1-0.dll': 'LsaLookupOpenLocalPolicy',
'API-MS-Win-Security-SDDL-L1-1-0.dll': 'ConvertSidToStringSidW',
'CRYPTBASE.dll': 'SystemFunction005',
'RPCRT4.dll': 'RpcAsyncAbortCall',
'SspiCli.dll': 'LogonUserExExW',
'msvcrt.dll': '_ultow',
'ntdll.dll': 'RtlUnicodeStringToInteger'},
'ImportedFunctions': ['_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'exit',
'_fmode',
'__set_app_type',
'?terminate@@YAXXZ',
'_commode',
'memset',
'memcpy',
'_ltow',
'wcscspn',
'__getmainargs',
'_ltow_s',
'wcschr',
'_wcslwr',
'_ultow_s',
'time',
'wcsrchr',
'_vsnwprintf',
'_wcsnicmp',
'wcstoul',
'wcsstr',
'_wcsicmp',
'_wtol',
'wcsncmp',
'_ultow',
'UuidCreate',
'UuidCreateNil',
'UuidEqual',
'RpcServerUnsubscribeForNotification',
'RpcServerSubscribeForNotification',
'RpcBindingVectorFree',
'RpcServerRegisterAuthInfoW',
'RpcServerInqDefaultPrincNameW',
'RpcEpRegisterW',
'RpcStringFreeW',
'RpcStringBindingParseW',
'RpcBindingToStringBindingW',
'RpcServerInqBindings',
'RpcServerUseProtseqW',
'RpcServerUseProtseqEpW',
'I_RpcMapWin32Status',
'RpcServerInqCallAttributesW',
'RpcAsyncCompleteCall',
'RpcRevertToSelf',
'RpcImpersonateClient',
'RpcServerInqBindingHandle',
'I_RpcBindingInqLocalClientPID',
'I_RpcSessionStrictContextHandle',
'I_RpcBindingIsClientLocal',
'NdrServerCall2',
'NdrAsyncServerCall',
'UuidFromStringW',
'RpcBindingFree',
'RpcServerInqCallAttributesA',
'RpcServerRegisterIfEx',
'RpcAsyncAbortCall',
'LogonUserExExW',
'RtlLengthSid',
'EtwTraceMessage',
'NtTraceControl',
'RtlSetLastWin32Error',
'EtwGetTraceLoggerHandle',
'RtlInitializeCriticalSection',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'NtOpenThread',
'NtQueueApcThread',
'RtlQueueApcWow64Thread',
'EvtIntReportEventAndSourceAsync',
'EtwEventWrite',
'EtwEventRegister',
'RtlUnhandledExceptionFilter',
'RtlFreeHeap',
'NtSetEvent',
'NtSetInformationProcess',
'NtOpenProcessToken',
'RtlSetProcessIsCritical',
'NtQueryInformationFile',
'NtSetInformationFile',
'RtlAppendUnicodeStringToString',
'RtlAppendUnicodeToString',
'NtWaitForSingleObject',
'NtQueryDirectoryFile',
'NtDeleteFile',
'RtlCopyUnicodeString',
'NtFilterToken',
'NtQueryInformationToken',
'NtSetInformationThread',
'NtAdjustPrivilegesToken',
'NtDuplicateToken',
'NtAccessCheckAndAuditAlarm',
'NtAccessCheck',
'NtPrivilegeObjectAuditAlarm',
'NtPrivilegeCheck',
'RtlMapGenericMask',
'RtlSetSecurityObject',
'NtOpenThreadToken',
'RtlValidRelativeSecurityDescriptor',
'RtlQuerySecurityObject',
'RtlSubAuthoritySid',
'WinSqmAddToStream',
'RtlSetControlSecurityDescriptor',
'NtDeleteKey',
'NtEnumerateKey',
'NtDeleteValueKey',
'NtSetValueKey',
'NtQueryValueKey',
'NtOpenKey',
'NtCreateKey',
'RtlLengthSecurityDescriptor',
'RtlValidSecurityDescriptor',
'RtlSetEnvironmentVariable',
'RtlConvertExclusiveToShared',
'RtlConvertSharedToExclusive',
'RtlCreateServiceSid',
'RtlRegisterWait',
'RtlEqualUnicodeString',
'RtlGetNtProductType',
'RtlCopySid',
'NtUnloadDriver',
'RtlCompareUnicodeString',
'NtQueryDirectoryObject',
'NtOpenDirectoryObject',
'NtLoadDriver',
'DbgPrintEx',
'RtlAdjustPrivilege',
'RtlExpandEnvironmentStrings_U',
'RtlInitializeSRWLock',
'NtOpenFile',
'NtQuerySymbolicLinkObject',
'NtOpenSymbolicLinkObject',
'RtlFreeUnicodeString',
'RtlDosPathNameToNtPathName_U',
'RtlReleaseSRWLockShared',
'NtDeleteObjectAuditAlarm',
'RtlAcquireSRWLockShared',
'NtFlushKey',
'RtlAreAllAccessesGranted',
'NtCloseObjectAuditAlarm',
'RtlReleaseSRWLockExclusive',
'RtlAcquireSRWLockExclusive',
'RtlDeregisterWait',
'RtlAcquireResourceShared',
'RtlInitializeResource',
'RtlQueueWorkItem',
'RtlDeleteSecurityObject',
'RtlReleaseResource',
'RtlAcquireResourceExclusive',
'RtlCopyLuid',
'NtQueryKey',
'NtShutdownSystem',
'NtInitializeRegistry',
'NtSetSystemEnvironmentValue',
'RtlInitUnicodeString',
'NtClose',
'RtlNtStatusToDosError',
'NtQuerySystemInformation',
'RtlNtStatusToDosErrorNoTeb',
'RtlLengthRequiredSid',
'RtlAddAce',
'RtlCreateAcl',
'RtlSetDaclSecurityDescriptor',
'RtlNewSecurityObject',
'RtlSetGroupSecurityDescriptor',
'RtlSetSaclSecurityDescriptor',
'RtlAllocateHeap',
'RtlInitializeSid',
'RtlSubAuthorityCountSid',
'RtlCreateSecurityDescriptor',
'RtlSetOwnerSecurityDescriptor',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlUnicodeStringToAnsiString',
'EtwGetTraceEnableLevel',
'EtwGetTraceEnableFlags',
'EtwRegisterTraceGuidsW',
'RtlUnicodeStringToInteger',
'LsaLookupTranslateSids',
'LsaLookupFreeMemory',
'LsaLookupClose',
'LsaLookupManageSidNameMapping',
'LsaLookupGetDomainInfo',
'LsaLookupTranslateNames',
'LsaLookupOpenLocalPolicy',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'ConvertSecurityDescriptorToStringSecurityDescriptorW',
'ConvertSidToStringSidW',
'SystemFunction029',
'SystemFunction005',
'GetLastError',
'SetLastError',
'SetUnhandledExceptionFilter',
'SetErrorMode',
'UnhandledExceptionFilter',
'SetFileInformationByHandle',
'CreateDirectoryW',
'FindFirstFileW',
'CreateFileW',
'FindClose',
'FindNextFileW',
'DuplicateHandle',
'CloseHandle',
'HeapAlloc',
'HeapFree',
'HeapCreate',
'HeapSetInformation',
'DeviceIoControl',
'GetModuleHandleW',
'GetProcAddress',
'LoadLibraryExW',
'FreeLibrary',
'LoadStringW',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'RegNotifyChangeKeyValue',
'RegSetKeySecurity',
'RegGetKeySecurity',
'RegLoadMUIStringW',
'RegCreateKeyExW',
'RegSetValueExW',
'LocalAlloc',
'LocalFree',
'Sleep',
'IsWow64Process',
'lstrlenW',
'GetEnvironmentVariableW',
'ExpandEnvironmentStringsW',
'CreateThread',
'CreateProcessW',
'TerminateProcess',
'GetCurrentThreadId',
'GetProcessId',
'OpenThreadToken',
'GetCurrentThread',
'GetCurrentProcess',
'InitializeProcThreadAttributeList',
'UpdateProcThreadAttribute',
'DeleteProcThreadAttributeList',
'CreateProcessAsUserW',
'ResumeThread',
'OpenProcessToken',
'GetCurrentProcessId',
'SetProcessShutdownParameters',
'ExitThread',
'SetThreadPriority',
'GetProcessTimes',
'QueryPerformanceCounter',
'CompareStringW',
'InitializeCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'WaitForSingleObject',
'SetEvent',
'CreateEventW',
'WaitForMultipleObjectsEx',
'ResetEvent',
'OpenEventW',
'OpenProcess',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetSystemDirectoryW',
'GetComputerNameExW',
'GetVersionExW',
'GetSystemTime',
'GetSecurityDescriptorDacl',
'SetSecurityDescriptorOwner',
'InitializeSecurityDescriptor',
'EqualSid',
'AdjustTokenPrivileges',
'RevertToSelf',
'ImpersonateLoggedOnUser',
'CopySid',
'GetLengthSid',
'CheckTokenMembership',
'GetTokenInformation',
'InitializeAcl',
'AddAce',
'SetSecurityDescriptorDacl',
'AllocateLocallyUniqueId',
'AllocateAndInitializeSid',
'FreeSid',
'GetKernelObjectSecurity',
'SetKernelObjectSecurity',
'AddAccessAllowedAce',
'SetTokenInformation'],
'LinkerVersion': 9,
'NumberOfImportDLL': 23,
'NumberOfImportFunctions': 293,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 19112,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 39936,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 19456,
'.text\x00\x00\x00': 248832},
'StackReserveSize': 524288,
'filename': './data/malware/4e81aa5a0a2567ff616f7099774d742e22866dd010c3a850290f13124009de78'},
'4e903131653f2203f82e82ee3df903360ad59b1d574e7a6dfee6f5cd63b26a35': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/4e903131653f2203f82e82ee3df903360ad59b1d574e7a6dfee6f5cd63b26a35'},
'4e977a30a9648c13e874c4fa95a596c6eae65eb83b76bdcad8014df2627ef29d': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/4e977a30a9648c13e874c4fa95a596c6eae65eb83b76bdcad8014df2627ef29d'},
'4edcabead7df2e864c6e874e42f7d6c999b2f872ec3a41b06e2b3193045c2117': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/4edcabead7df2e864c6e874e42f7d6c999b2f872ec3a41b06e2b3193045c2117'},
'4f0498aa57fdebcca74c719cda157184c1d31bcb2692cfbb5c9b63343901eb92': {'AddressOfEntryPoint': 2483035,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 2478872,
'ExportSize': 3152,
'IATRVA': 2491904,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 617216,
'SectionNames': {'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.rsrc\x00\x00\x00': 583680,
'.text\x00\x00\x00': 0,
'.tls\x00\x00\x00\x00': 512,
'.vmp0\x00\x00\x00': 0,
'.vmp1\x00\x00\x00': 551936},
'StackReserveSize': 1048576,
'filename': './data/malware/4f0498aa57fdebcca74c719cda157184c1d31bcb2692cfbb5c9b63343901eb92'},
'4f1d180079b3c120650b23011e9cfb43e9d3f5f5f67fb48432f26836db3de9ac': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3364,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 1385984,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/4f1d180079b3c120650b23011e9cfb43e9d3f5f5f67fb48432f26836db3de9ac'},
'4f2c4a3aa41d32a1a8a4618cfaeece2dafcbf770af85ef48effa59d330960d32': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 9660,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 4593664,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/4f2c4a3aa41d32a1a8a4618cfaeece2dafcbf770af85ef48effa59d330960d32'},
'4f63eb99dabefb760e61745ebeae4981fc16d91715605a717d3cd94db2db9789': {'AddressOfEntryPoint': 45072,
'DebugRVA': 24960,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 40960,
'ExportSize': 1878,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'NDIS.SYS': 'NdisRegisterTdiCallBack',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['RtlAnsiStringToUnicodeString',
'KeSetEvent',
'KeInitializeDpc',
'RtlInitString',
'KeReleaseSpinLock',
'IoAllocateErrorLogEntry',
'KeInitializeTimer',
'RtlxAnsiStringToUnicodeSize',
'KeQueryTimeIncrement',
'KeWaitForSingleObject',
'KeSetTimer',
'KeAcquireSpinLockRaiseToDpc',
'MmUnmapLockedPages',
'IoBuildPartialMdl',
'IoIs32bitProcess',
'KeReleaseSpinLockFromDpcLevel',
'MmFreeMappingAddress',
'MmMapLockedPagesWithReservedMapping',
'MmMapLockedPagesSpecifyCache',
'IoWriteErrorLogEntry',
'NtCreateFile',
'MmUnmapReservedMapping',
'KeAcquireSpinLockAtDpcLevel',
'_wcsicmp',
'ExFreePoolWithTag',
'_wcsnicmp',
'RtlInitUnicodeString',
'RtlAppendUnicodeToString',
'KeInitializeEvent',
'DbgBreakPoint',
'ZwQueryValueKey',
'ZwClose',
'RtlAppendUnicodeStringToString',
'RtlCompareUnicodeString',
'RtlCopyUnicodeString',
'DbgPrint',
'ZwOpenKey',
'KeBugCheckEx',
'ExAllocatePoolWithTag',
'NlsMbCodePageTag',
'MmAllocateMappingAddress',
'ExQueueWorkItem',
'__C_specific_handler',
'NdisReturnPackets',
'NdisDeregisterTdiCallBack',
'NdisRegisterTdiCallBack'],
'LinkerVersion': 8,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 46,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 976,
'SectionNames': {'.data\x00\x00\x00': 512,
'.edata\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 3072,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 19968,
'INIT\x00\x00\x00\x00': 2048,
'PAGE\x00\x00\x00\x00': 512},
'StackReserveSize': 262144,
'filename': './data/malware/4f63eb99dabefb760e61745ebeae4981fc16d91715605a717d3cd94db2db9789'},
'4f67d58a4cbb09be604cfdbf75637469d75db9bebdc47efbc0c77fc6eddaf95c': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 294516,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 294912,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/4f67d58a4cbb09be604cfdbf75637469d75db9bebdc47efbc0c77fc6eddaf95c'},
'4fa6203e5ab578e4f9886fb6d1b0b91753a0ddf4baf5036b744da06a587a9b40': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/4fa6203e5ab578e4f9886fb6d1b0b91753a0ddf4baf5036b744da06a587a9b40'},
'5087c7445e36ebb0a746a6961c39dd78d1d4ed8d2895e25abaae05413c3be8ea': {'AddressOfEntryPoint': 151856,
'DebugRVA': 252528,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 249856,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExW',
'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'ExtTextOutW',
'KERNEL32.dll': 'CloseHandle',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'Shell_NotifyIconW',
'SHLWAPI.dll': 'PathFindExtensionW',
'USER32.dll': 'UnregisterClassA',
'WINSPOOL.DRV': 'ClosePrinter',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoW',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'HeapReAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'SetUnhandledExceptionFilter',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'GetSystemTimeAsFileTime',
'Sleep',
'TerminateProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetConsoleCP',
'GetConsoleMode',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'LCMapStringA',
'LCMapStringW',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetErrorMode',
'lstrlenA',
'GetCurrentProcess',
'FlushFileBuffers',
'SetFilePointer',
'WriteFile',
'ReadFile',
'GetThreadLocale',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalAlloc',
'GlobalFlags',
'FormatMessageW',
'LocalFree',
'FreeResource',
'GlobalFindAtomW',
'CompareStringW',
'LoadLibraryA',
'GetVersionExA',
'MulDiv',
'GetModuleHandleA',
'lstrlenW',
'WritePrivateProfileStringW',
'GetCurrentProcessId',
'GlobalAddAtomW',
'SetLastError',
'GlobalUnlock',
'VirtualProtect',
'GlobalDeleteAtom',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'GetVersion',
'EnumResourceLanguagesW',
'GetModuleFileNameW',
'lstrcmpA',
'GetLocaleInfoW',
'LoadLibraryW',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GlobalLock',
'lstrcmpW',
'FreeLibrary',
'GetModuleHandleW',
'GetProcAddress',
'lstrcpyW',
'WaitForMultipleObjects',
'SetEvent',
'CreateThread',
'ResetEvent',
'CreateEventW',
'GlobalAlloc',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'GlobalFree',
'GetUserDefaultUILanguage',
'FindResourceExW',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'GetLastError',
'CreateMutexW',
'GetTickCount',
'CloseHandle',
'DestroyMenu',
'GetDesktopWindow',
'CreateDialogIndirectParamW',
'GetNextDlgTabItem',
'EndDialog',
'SetWindowTextW',
'IsDialogMessageW',
'RegisterWindowMessageW',
'SendDlgItemMessageA',
'SendDlgItemMessageW',
'WinHelpW',
'GetClassNameW',
'GetClassLongPtrW',
'IsWindow',
'GetWindowTextW',
'GetForegroundWindow',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrW',
'SetWindowLongPtrW',
'UnhookWindowsHookEx',
'GetMessageTime',
'GetMessagePos',
'MapWindowPoints',
'UnregisterClassW',
'UpdateWindow',
'GetMenu',
'GetSubMenu',
'GetMenuItemID',
'GetMenuItemCount',
'CreateWindowExW',
'GetClassInfoExW',
'GetClassInfoW',
'RegisterClassW',
'AdjustWindowRectEx',
'CopyRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcW',
'CallWindowProcW',
'SetWindowLongW',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindow',
'GetSysColor',
'EndPaint',
'BeginPaint',
'ReleaseDC',
'GetDC',
'ClientToScreen',
'ScreenToClient',
'GrayStringW',
'DrawTextExW',
'DrawTextW',
'TabbedTextOutW',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapW',
'ModifyMenuW',
'GetMenuState',
'EnableMenuItem',
'CheckMenuItem',
'GetWindowThreadProcessId',
'GetLastActivePopup',
'MessageBoxW',
'SetCursor',
'SetPropW',
'GetCapture',
'SetActiveWindow',
'MapDialogRect',
'SetWindowPos',
'ShowWindow',
'GetPropW',
'GetSysColorBrush',
'LoadCursorW',
'RemovePropW',
'GetAsyncKeyState',
'GetFocus',
'SetFocus',
'GetWindowLongW',
'GetDlgItem',
'IsWindowEnabled',
'SetWindowsHookExW',
'CallNextHookEx',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageW',
'GetCursorPos',
'ValidateRect',
'PostQuitMessage',
'LoadImageW',
'GetParent',
'GetWindowRect',
'GetClientRect',
'LoadIconW',
'IsIconic',
'GetSystemMenu',
'AppendMenuW',
'SendMessageW',
'EnableWindow',
'DrawIcon',
'GetSystemMetrics',
'SetForegroundWindow',
'OpenIcon',
'PostMessageW',
'FindWindowW',
'UnregisterClassA',
'DeleteDC',
'GetStockObject',
'TextOutW',
'GetDeviceCaps',
'EnumFontFamiliesExW',
'RectVisible',
'PtVisible',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'CreateBitmap',
'GetObjectW',
'DeleteObject',
'GetClipBox',
'SetMapMode',
'SetTextColor',
'SetBkColor',
'RestoreDC',
'SaveDC',
'ExtTextOutW',
'DocumentPropertiesW',
'OpenPrinterW',
'ClosePrinter',
'RegEnumKeyW',
'RegQueryValueW',
'RegOpenKeyW',
'RegSetValueExW',
'RegDeleteKeyW',
'RegOpenKeyExW',
'RegCloseKey',
'RegQueryValueExW',
'RegCreateKeyExW',
'Shell_NotifyIconW',
'InitCommonControlsEx',
'PathFindFileNameW',
'PathFindExtensionW',
'CoUninitialize',
'CoTaskMemFree',
'CoTaskMemAlloc',
'PropVariantClear',
'CoCreateInstance',
'CoInitialize',
'VariantClear',
'VariantChangeType',
'VariantInit'],
'LinkerVersion': 8,
'NumberOfImportDLL': 10,
'NumberOfImportFunctions': 287,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 62200,
'SectionNames': {'.data\x00\x00\x00': 12288,
'.pdata\x00\x00': 17920,
'.rdata\x00\x00': 76288,
'.rsrc\x00\x00\x00': 62464,
'.text\x00\x00\x00': 242688},
'StackReserveSize': 1048576,
'filename': './data/malware/5087c7445e36ebb0a746a6961c39dd78d1d4ed8d2895e25abaae05413c3be8ea'},
'5096df319af5515306f8a2c4ecc8dec38448c2c6fd6facf23627c351667eaec2': {'AddressOfEntryPoint': 7792,
'DebugRVA': 45664,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'KERNEL32.dll': 'GetProcessHeap',
'WS2_32.dll': 'WSAStartup',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['sprintf',
'RtlStringFromGUID',
'RtlInitUnicodeString',
'ZwCreateKey',
'ZwWriteFile',
'wcstoul',
'ZwQueryVolumeInformationFile',
'RtlTimeToSecondsSince1970',
'RtlNtStatusToDosError',
'ZwCreateFile',
'LdrAccessResource',
'LdrFindResource_U',
'RtlFreeUnicodeString',
'ZwResumeThread',
'ZwWriteVirtualMemory',
'ZwProtectVirtualMemory',
'ZwSetInformationFile',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'ZwClose',
'RtlAdjustPrivilege',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenProcess',
'ZwQuerySystemInformation',
'RtlIpv4AddressToStringA',
'ZwOpenKey',
'ZwQueryValueKey',
'RtlIpv4StringToAddressExW',
'_wtoi64',
'wcschr',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'RtlEqualUnicodeString',
'ZwOpenEvent',
'ZwSetContextThread',
'ZwQueryInformationFile',
'ZwSetValueKey',
'LdrFindEntryForAddress',
'__chkstk',
'memcpy',
'GetSystemDefaultLangID',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'HeapAlloc',
'GetVersion',
'Sleep',
'GetCommandLineW',
'LoadLibraryExW',
'ExitProcess',
'VirtualFree',
'VirtualAlloc',
'GetModuleHandleW',
'HeapFree',
'GetProcessHeap',
'MD5Final',
'MD5Update',
'MD5Init',
'WSASend',
'WSARecv',
'WSAIoctl',
'bind',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 72,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2560,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 5632,
'.rsrc\x00\x00\x00': 2560,
'.text\x00\x00\x00': 40960},
'StackReserveSize': 1048576,
'filename': './data/malware/5096df319af5515306f8a2c4ecc8dec38448c2c6fd6facf23627c351667eaec2'},
'50aadca76302e13145462a6c70559b52b0054310653619ee5ef12a002c90e88c': {'AddressOfEntryPoint': 1073819345,
'DebugRVA': 4736,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventRegister',
'COMCTL32.dll': 'InitCommonControlsEx',
'CmnCliM.dll': 'CreateZoneShell',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GetStartupInfoW',
'OLEAUT32.dll': 'SysAllocString',
'USER32.dll': 'MessageBoxW',
'msvcrt.dll': '_amsg_exit',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['GetTraceEnableFlags',
'GetTraceLoggerHandle',
'UnregisterTraceGuids',
'GetTraceEnableLevel',
'RegisterTraceGuidsW',
'EventUnregister',
'EventRegister',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'?terminate@@YAXXZ',
'_initterm',
'_acmdln',
'exit',
'_cexit',
'_ismbblead',
'_exit',
'??3@YAXPEAX@Z',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_amsg_exit',
'InitCommonControlsEx',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'SysFreeString',
'SysAllocString',
'CreateEventW',
'GetLastError',
'GetModuleFileNameW',
'FormatMessageW',
'FreeLibrary',
'CloseHandle',
'RtlLookupFunctionEntry',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'RtlCaptureContext',
'CreateMutexW',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'LoadLibraryW',
'Sleep',
'GetStartupInfoW',
'DeleteObject',
'SetForegroundWindow',
'FindWindowW',
'BringWindowToTop',
'ShowWindow',
'IsWindowVisible',
'MsgWaitForMultipleObjects',
'PeekMessageW',
'LoadStringW',
'MessageBoxW',
'DisplayFatalApplicationErrorMessage',
'CreateZoneShell'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 64,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 85064,
'StackReserveSize': 524288,
'filename': './data/malware/50aadca76302e13145462a6c70559b52b0054310653619ee5ef12a002c90e88c'},
'513b431da8a384449085183f8d90e36262fd77ffe01209c5a29f2fcc60507029': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 8335972,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 8336384,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/513b431da8a384449085183f8d90e36262fd77ffe01209c5a29f2fcc60507029'},
'513e6f142cd61a2d3abc35735b35ba8681867b794ca9e511b33c6a4fcdb5b5de': {'AddressOfEntryPoint': 172132,
'DebugRVA': 155824,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 155648,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': 'KeBugCheckEx',
'storport.sys': 'StorPortQuerySystemTime'},
'ImportedFunctions': ['_vsnprintf',
'KeBugCheckEx',
'StorPortGetBusData',
'StorPortGetDeviceBase',
'StorPortLogError',
'StorPortSetBusDataByOffset',
'StorPortStallExecution',
'StorPortGetPhysicalAddress',
'StorPortInitialize',
'StorPortNotification',
'StorPortExtendedFunction',
'StorPortGetScatterGatherList',
'StorPortSetDeviceQueueDepth',
'StorPortGetLogicalUnit',
'StorPortSynchronizeAccess',
'StorPortAllocateRegistryBuffer',
'StorPortRegistryRead',
'StorPortFreeDeviceBase',
'StorPortGetUncachedExtension',
'StorPortQuerySystemTime'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 20,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 9656,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 4096,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 9728,
'.text\x00\x00\x00': 151040,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/513e6f142cd61a2d3abc35735b35ba8681867b794ca9e511b33c6a4fcdb5b5de'},
'514152828f6ecd9f0a5ee1698e79883ca97e39bb4dffeab7cfdd29b6495a2a0f': {'AddressOfEntryPoint': 1074702569,
'DebugRVA': 666240,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 906544,
'ExportSize': 483,
'IATRVA': 663552,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CryptGetHashParam',
'KERNEL32.dll': 'LoadLibraryA',
'USER32.dll': 'GetProcessWindowStation',
'USERENV.dll': 'CreateEnvironmentBlock',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINMM.dll': 'timeGetDevCaps',
'WS2_32.dll': 'recv',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['LocalAlloc',
'ResumeThread',
'GetModuleHandleW',
'GetLongPathNameW',
'IsProcessInJob',
'GetCurrentProcessId',
'DuplicateHandle',
'OpenProcess',
'GetModuleFileNameW',
'GetTempPathW',
'GetLastError',
'GetEnvironmentVariableW',
'GetCommandLineW',
'CreateProcessW',
'CloseHandle',
'GetFileInformationByHandle',
'GetExitCodeProcess',
'WaitForSingleObject',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'DebugActiveProcess',
'GetProcessId',
'GetUserDefaultLCID',
'GetUserDefaultLangID',
'LeaveCriticalSection',
'ReleaseSemaphore',
'GetCurrentThreadId',
'EnterCriticalSection',
'VirtualQuery',
'CreateFileW',
'RtlCaptureContext',
'DeleteCriticalSection',
'FreeLibrary',
'LoadLibraryW',
'CreateThread',
'CreateSemaphoreW',
'InitializeCriticalSection',
'WaitNamedPipeW',
'WaitForMultipleObjects',
'SetEvent',
'ResetEvent',
'WriteFile',
'TransactNamedPipe',
'SetNamedPipeHandleState',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CreateEventW',
'ExpandEnvironmentStringsW',
'SetEnvironmentVariableW',
'LocalFree',
'RaiseException',
'SetThreadPriority',
'IsDebuggerPresent',
'lstrlenW',
'GetStdHandle',
'SetInformationJobObject',
'VirtualQueryEx',
'HeapSetInformation',
'GetTickCount',
'GetModuleHandleExA',
'ReadFile',
'SetHandleInformation',
'GetSystemInfo',
'AssignProcessToJobObject',
'GetSystemTimeAsFileTime',
'GetNativeSystemInfo',
'GetVersionExW',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'UnmapViewOfFile',
'GetFileAttributesW',
'SetUnhandledExceptionFilter',
'SetCurrentDirectoryW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'GetCurrentDirectoryW',
'MapViewOfFile',
'CreateFileMappingW',
'SetLastError',
'QueryDosDeviceW',
'ReleaseMutex',
'CreateMutexW',
'SetFilePointer',
'OutputDebugStringA',
'QueryPerformanceCounter',
'QueryPerformanceFrequency',
'SystemTimeToFileTime',
'SetEndOfFile',
'FlushFileBuffers',
'GetLocaleInfoW',
'GetUserDefaultUILanguage',
'InitializeCriticalSectionAndSpinCount',
'TlsAlloc',
'TlsGetValue',
'TlsFree',
'TlsSetValue',
'GetQueuedCompletionStatus',
'CreateIoCompletionPort',
'PostQueuedCompletionStatus',
'GetSystemPowerStatus',
'RtlCaptureStackBackTrace',
'GetCurrentThread',
'UnregisterWaitEx',
'RegisterWaitForSingleObject',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'ConnectNamedPipe',
'CancelIo',
'CreateNamedPipeW',
'GetNamedPipeInfo',
'TerminateJobObject',
'SignalObjectAndWait',
'GetProcessHandleCount',
'VirtualFree',
'WriteProcessMemory',
'VirtualAllocEx',
'GetThreadContext',
'VirtualProtectEx',
'VirtualFreeEx',
'CreateJobObjectW',
'OpenEventW',
'SearchPathW',
'DebugBreak',
'ReadProcessMemory',
'SetThreadContext',
'ContinueDebugEvent',
'WaitForDebugEvent',
'VirtualProtect',
'VirtualAlloc',
'SwitchToThread',
'SuspendThread',
'FlushInstructionCache',
'AddVectoredExceptionHandler',
'RemoveVectoredExceptionHandler',
'ExitProcess',
'MapViewOfFileEx',
'GetSystemTime',
'PeekNamedPipe',
'DisconnectNamedPipe',
'GetNamedPipeHandleStateW',
'EncodePointer',
'DecodePointer',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'GetStartupInfoW',
'SetStdHandle',
'GetFileType',
'HeapAlloc',
'HeapReAlloc',
'GetConsoleCP',
'GetConsoleMode',
'GetProcessHeap',
'ExitThread',
'RtlPcToFileHeader',
'CreateFileA',
'GetDriveTypeA',
'FindFirstFileExA',
'LCMapStringW',
'GetCPInfo',
'GetVersion',
'HeapCreate',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'HeapSize',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetTimeZoneInformation',
'WriteConsoleW',
'GetStringTypeW',
'GetFullPathNameA',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'GetDriveTypeW',
'CompareStringW',
'SetEnvironmentVariableA',
'GetCurrentProcess',
'TerminateProcess',
'Sleep',
'CreateRemoteThread',
'GetModuleHandleA',
'GetProcAddress',
'LoadLibraryA',
'PostQuitMessage',
'PeekMessageW',
'GetQueueStatus',
'DefWindowProcW',
'SetTimer',
'RegisterClassExW',
'WaitMessage',
'MsgWaitForMultipleObjectsEx',
'UnregisterClassW',
'CloseWindowStation',
'CloseDesktop',
'CallMsgFilterW',
'CreateWindowStationW',
'KillTimer',
'CreateDesktopW',
'SetProcessWindowStation',
'GetThreadDesktop',
'GetUserObjectInformationW',
'DestroyWindow',
'CreateWindowExW',
'TranslateMessage',
'DispatchMessageW',
'PostMessageW',
'MessageBoxW',
'WaitForInputIdle',
'wsprintfW',
'CharUpperW',
'GetProcessWindowStation',
'RegSetValueExW',
'RegQueryInfoKeyW',
'RegCloseKey',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegDeleteValueW',
'ConvertSidToStringSidW',
'CreateProcessAsUserW',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'GetTraceLoggerHandle',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'TraceEvent',
'CryptDestroyKey',
'CryptReleaseContext',
'CryptDestroyHash',
'SetEntriesInAclW',
'GetTokenInformation',
'OpenProcessToken',
'GetSecurityInfo',
'CreateWellKnownSid',
'CopySid',
'LookupPrivilegeValueW',
'EqualSid',
'DuplicateToken',
'DuplicateTokenEx',
'CreateRestrictedToken',
'SetThreadToken',
'ConvertStringSidToSidW',
'GetLengthSid',
'SetTokenInformation',
'RevertToSelf',
'RegDisablePredefinedCache',
'CryptAcquireContextW',
'CryptImportKey',
'CryptCreateHash',
'CryptSetHashParam',
'CryptHashData',
'CryptGetHashParam',
'DestroyEnvironmentBlock',
'GetProfileType',
'CreateEnvironmentBlock',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'gethostbyname',
'shutdown',
'select',
'send',
'ntohs',
'closesocket',
'socket',
'htons',
'htonl',
'accept',
'listen',
'bind',
'setsockopt',
'WSACleanup',
'WSAStartup',
'recv',
'timeBeginPeriod',
'timeEndPeriod',
'timeGetTime',
'timeGetDevCaps',
'CoTaskMemFree'],
'LinkerVersion': 10,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 292,
'NumberOfSections': 9,
'OSVersion': 5,
'ResSize': 1504,
'StackReserveSize': 1048576,
'filename': './data/malware/514152828f6ecd9f0a5ee1698e79883ca97e39bb4dffeab7cfdd29b6495a2a0f'},
'5161cdafd0c6d79616d775f79214b2e7e3ad13de71db63e9fa6bfc448ba4084b': {'AddressOfEntryPoint': 43360,
'DebugRVA': 6272,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'COMCTL32.dll': 'CreateStatusWindowW',
'GDI32.dll': 'CreateFontIndirectW',
'KERNEL32.dll': 'CreateFileMappingW',
'NETAPI32.dll': 'NetApiBufferFree',
'SHELL32.dll': 'DragFinish',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'wsprintfW',
'VERSION.dll': 'VerQueryValueW',
'WINTRUST.dll': 'CryptCATCatalogInfoFromContext',
'imagehlp.dll': 'MapFileAndCheckSumW',
'msvcrt.dll': 'free'},
'ImportedFunctions': ['_wcmdln',
'__wgetmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_c_exit',
'exit',
'??1type_info@@UEAA@XZ',
'__dllonexit',
'_XcptFilter',
'__C_specific_handler',
'_wcsicmp',
'_cexit',
'__set_app_type',
'_exit',
'memset',
'__CxxFrameHandler',
'malloc',
'__argc',
'__wargv',
'wcsrchr',
'_wcslwr',
'wcsstr',
'_fmode',
'_onexit',
'?terminate@@YAXXZ',
'memcpy',
'free',
'GetUserNameW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'GlobalLock',
'GlobalUnlock',
'GlobalFree',
'GetVersion',
'GetWindowsDirectoryW',
'LoadLibraryW',
'FreeLibrary',
'GetPrivateProfileStringW',
'GetLocaleInfoW',
'lstrcmpiW',
'GetModuleFileNameW',
'GetVersionExW',
'GetModuleHandleW',
'GetProcAddress',
'GetSystemInfo',
'CopyFileW',
'lstrcpyW',
'lstrcmpW',
'lstrcatW',
'GetExitCodeProcess',
'GetLastError',
'GlobalAlloc',
'GetCurrentProcess',
'UnmapViewOfFile',
'IsBadReadPtr',
'MapViewOfFile',
'CreateFileW',
'WriteFile',
'SetFilePointer',
'Sleep',
'ReadFile',
'lstrcpynW',
'LockResource',
'LoadResource',
'FindResourceExW',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetStartupInfoW',
'DeleteFileW',
'MoveFileExW',
'GetTempFileNameW',
'WaitForSingleObject',
'CloseHandle',
'CreateMutexW',
'GetFileSize',
'CreateFileMappingW',
'GetObjectW',
'GetStockObject',
'CreateFontIndirectW',
'CharNextW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'InvalidateRect',
'ExitWindowsEx',
'GetClassNameW',
'GetSystemMetrics',
'LoadIconW',
'GetClientRect',
'IsIconic',
'GetSystemMenu',
'PostMessageW',
'SendMessageW',
'AppendMenuW',
'EnableWindow',
'MessageBoxW',
'DrawIcon',
'wsprintfW',
'DragQueryFileW',
'ShellExecuteExW',
'ShellExecuteW',
'DragFinish',
'PathFileExistsW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'CheckSumMappedFile',
'MapFileAndCheckSumW',
'CreateStatusWindowW',
'CryptCATAdminEnumCatalogFromHash',
'CryptCATAdminReleaseContext',
'CryptCATAdminAcquireContext',
'CryptCATAdminCalcHashFromFileHandle',
'WinVerifyTrust',
'CryptCATAdminReleaseCatalogContext',
'CryptCATCatalogInfoFromContext',
'NetUserGetInfo',
'NetApiBufferFree'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 129,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 24112,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 24576,
'.text\x00\x00\x00': 49664},
'StackReserveSize': 524288,
'filename': './data/malware/5161cdafd0c6d79616d775f79214b2e7e3ad13de71db63e9fa6bfc448ba4084b'},
'519dfc9e14f6480a1a1ec3ba7745367d77e4dd798685eb8211e3dc23417ff43f': {'AddressOfEntryPoint': 222316,
'DebugRVA': 234288,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 233472,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionUnbindClass',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoCreateSymbolicLink',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'ZwEnumerateValueKey',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'ZwEnumerateKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'PoSetPowerState',
'IoDetachDevice',
'wcsstr',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'IoCancelIrp',
'IoReleaseRemoveLockEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'IoRegisterPlugPlayNotification',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionBind',
'WdfVersionBindClass',
'WdfVersionUnbind',
'WdfVersionUnbindClass'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 98,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 3584,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 228352,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/519dfc9e14f6480a1a1ec3ba7745367d77e4dd798685eb8211e3dc23417ff43f'},
'51af36f519a74c3f2d5b673f1ca48ea3f92d6c60a8ea81c4daff5096b05edcbc': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3440,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 533504,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/51af36f519a74c3f2d5b673f1ca48ea3f92d6c60a8ea81c4daff5096b05edcbc'},
'528054a1dc69ce3038086b05c61ea7e4117057f5f21121ae1358ef0c1ce7b45e': {'AddressOfEntryPoint': 20656,
'DebugRVA': 25680,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'FindResourceW',
'SHELL32.dll': 'ShellExecuteW',
'USER32.dll': 'GetMenuItemCount',
'comdlg32.dll': 'GetOpenFileNameW',
'msvcrt.dll': '__set_app_type',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['wcsrchr',
'wcscpy',
'wcscat',
'_wtoi',
'??2@YAPEAX_K@Z',
'_itow',
'strcpy',
'__dllonexit',
'_onexit',
'??3@YAXPEAX@Z',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'__wgetmainargs',
'_wcsicmp',
'free',
'wcschr',
'wcslen',
'memcpy',
'memset',
'_snwprintf',
'wcsncat',
'malloc',
'__C_specific_handler',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'GetStartupInfoW',
'ReadProcessMemory',
'VirtualFreeEx',
'CreateRemoteThread',
'ResumeThread',
'WaitForSingleObject',
'WriteProcessMemory',
'VirtualAllocEx',
'EnumResourceTypesW',
'GetLocalTime',
'SetErrorMode',
'GetPrivateProfileIntW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'EnumResourceNamesW',
'LockResource',
'LoadResource',
'CreateProcessW',
'GetProcAddress',
'FreeLibrary',
'SystemTimeToFileTime',
'LoadLibraryW',
'GetSystemTime',
'GetTempPathW',
'SizeofResource',
'GetVersionExW',
'GetModuleHandleW',
'GetFileAttributesW',
'WriteFile',
'GetModuleFileNameW',
'CloseHandle',
'CreateFileW',
'FindResourceW',
'LoadMenuW',
'GetWindowTextW',
'DestroyWindow',
'SetWindowPos',
'LoadStringW',
'EnumChildWindows',
'DialogBoxParamW',
'CreateDialogParamW',
'GetParent',
'DestroyMenu',
'GetDlgCtrlID',
'GetMenuItemInfoW',
'GetDC',
'MapWindowPoints',
'ShowWindow',
'ChildWindowFromPoint',
'SetCursor',
'LoadCursorW',
'GetSysColorBrush',
'SendDlgItemMessageW',
'EndDialog',
'GetWindowRect',
'GetDlgItem',
'InvalidateRect',
'EndPaint',
'GetWindow',
'DrawFrameControl',
'SetWindowTextW',
'BeginPaint',
'SetDlgItemTextW',
'GetClientRect',
'GetDlgItemTextW',
'GetSystemMetrics',
'DeferWindowPos',
'SendMessageW',
'MessageBoxW',
'SetWindowLongW',
'GetWindowLongW',
'EndDeferWindowPos',
'BeginDeferWindowPos',
'LoadImageW',
'ReleaseDC',
'GetClassNameW',
'MoveWindow',
'SetFocus',
'GetMenuItemCount',
'GetDeviceCaps',
'SetTextColor',
'CreateFontIndirectW',
'SetBkMode',
'DeleteObject',
'GetOpenFileNameW',
'ShellExecuteW',
'CoInitialize',
'CoCreateInstance',
'CoUninitialize'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 121,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 8556,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 6656,
'.rsrc\x00\x00\x00': 8704,
'.text\x00\x00\x00': 17920},
'StackReserveSize': 1048576,
'filename': './data/malware/528054a1dc69ce3038086b05c61ea7e4117057f5f21121ae1358ef0c1ce7b45e'},
'5295f2deee57b943be839c444d77b28e4dcab0627cf744bce2ef7d2515d3c7ae': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 325796,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 326144,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/5295f2deee57b943be839c444d77b28e4dcab0627cf744bce2ef7d2515d3c7ae'},
'52c3a44ae22f0dbb72cb2de5fa19a46c9eb4ee0d79887aa390438bf1f1d63871': {'AddressOfEntryPoint': 86024,
'DebugRVA': 73888,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 73728,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'storport.sys': 'ScsiPortNotification'},
'ImportedFunctions': ['StorPortGetBusData',
'StorPortGetScatterGatherList',
'StorPortDeviceReady',
'StorPortGetDeviceBase',
'StorPortLogError',
'StorPortSetBusDataByOffset',
'StorPortNotification',
'StorPortGetPhysicalAddress',
'StorPortInitialize',
'StorPortCompleteRequest',
'StorPortReady',
'StorPortGetUncachedExtension',
'StorPortDeviceBusy',
'StorPortStallExecution',
'StorPortDebugPrint',
'ScsiPortNotification',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 17,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 992,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 66560,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/52c3a44ae22f0dbb72cb2de5fa19a46c9eb4ee0d79887aa390438bf1f1d63871'},
'52f6e2401e4b1c6f91734b3dc20e10de648688de4a9f05dadc9c8e8931a64cd7': {'AddressOfEntryPoint': 1074002565,
'DebugRVA': 189472,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 188416,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'CreateFileA',
'VSSAPI.DLL': '?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z',
'ole32.dll': 'CoUninitialize'},
'ImportedFunctions': ['CoInitializeSecurity',
'CoInitialize',
'CoUninitialize',
'?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z',
'GetCPInfo',
'GetProcessHeap',
'SetEndOfFile',
'CloseHandle',
'GetVersionExW',
'GetCurrentProcessId',
'SetEvent',
'DuplicateHandle',
'GetCurrentProcess',
'CreateFileW',
'GetLastError',
'OpenProcess',
'GetOverlappedResult',
'WaitForMultipleObjects',
'ReadFile',
'CreateEventW',
'WaitForSingleObject',
'SetConsoleCtrlHandler',
'Sleep',
'InitializeCriticalSection',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'OutputDebugStringW',
'FreeLibrary',
'LoadLibraryW',
'GetProcAddress',
'SetLastError',
'FormatMessageW',
'LocalFree',
'GetModuleFileNameW',
'DeviceIoControl',
'LoadLibraryA',
'GetTickCount',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'HeapAlloc',
'ExitThread',
'GetCurrentThreadId',
'CreateThread',
'LCMapStringA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'LCMapStringW',
'GetFileAttributesW',
'HeapSetInformation',
'HeapCreate',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'HeapReAlloc',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'SetFilePointer',
'InitializeCriticalSectionAndSpinCount',
'GetLocaleInfoW',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetStdHandle',
'CreateFileA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 101,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2492,
'SectionNames': {'.data\x00\x00\x00': 12800,
'.pdata\x00\x00': 11776,
'.rdata\x00\x00': 44544,
'.text\x00\x00\x00': 182272,
'A\x14\x04\x00c\x00\x00\x00': 2560},
'StackReserveSize': 1048576,
'filename': './data/malware/52f6e2401e4b1c6f91734b3dc20e10de648688de4a9f05dadc9c8e8931a64cd7'},
'5314ff1f49a498544f8d4d3afdbc8e3536a958e7ba75e5dac1b8ccd183b62126': {'AddressOfEntryPoint': 19200,
'DebugRVA': 5104,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'FindResourceExW',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList',
'SHLWAPI.dll': 'PathFileExistsW',
'USER32.dll': 'FindWindowW',
'msvcrt.dll': 'memset'},
'ImportedFunctions': ['exit',
'_acmdln',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'malloc',
'free',
'??3@YAXPEAX@Z',
'??2@YAPEAX_K@Z',
'_wcsicmp',
'_wcsnicmp',
'iswalpha',
'towupper',
'towlower',
'wcschr',
'_wcsdup',
'wprintf',
'wcsstr',
'memset',
'GetSidSubAuthorityCount',
'RegOpenKeyW',
'RegDeleteKeyW',
'DuplicateTokenEx',
'OpenProcessToken',
'GetTokenInformation',
'GetSidSubAuthority',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'GetFullPathNameW',
'GetCurrentProcessId',
'LoadLibraryA',
'CreateProcessW',
'WaitForSingleObject',
'LoadLibraryW',
'GetProcAddress',
'GetStartupInfoA',
'lstrlenW',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'lstrcpynW',
'lstrcpyW',
'DeleteFileW',
'lstrcatW',
'GetWindowsDirectoryW',
'Sleep',
'GetFileAttributesW',
'CreateMutexW',
'GetCurrentProcess',
'FreeResource',
'LockResource',
'LoadResource',
'RtlCaptureContext',
'GetEnvironmentVariableW',
'GetVersion',
'lstrcmpW',
'GetLocaleInfoW',
'GetLastError',
'CloseHandle',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'OpenProcess',
'FreeLibrary',
'FindResourceExW',
'DialogBoxParamW',
'ExitWindowsEx',
'CharNextW',
'PostMessageW',
'SetWindowTextW',
'ShowWindow',
'EndDialog',
'LoadStringW',
'MessageBoxW',
'SetDlgItemTextW',
'GetDlgItem',
'EnableWindow',
'GetWindowThreadProcessId',
'FindWindowW',
'SetupDiCallClassInstaller',
'SetupDiSetDeviceRegistryPropertyW',
'SetupDiCreateDeviceInfoW',
'SetupDiCreateDeviceInfoList',
'SetupDiGetINFClassW',
'SetupDiGetDeviceInstallParamsW',
'SetupDiSetClassInstallParamsW',
'CM_Get_Device_ID_ExW',
'SetupDiGetDeviceInfoListDetailW',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiEnumDeviceInfo',
'SetupDiOpenDeviceInfoW',
'SetupDiGetClassDevsExW',
'SetupDiCreateDeviceInfoListExW',
'SetupDiClassGuidsFromNameExW',
'CM_Get_DevNode_Status_Ex',
'SetupDiDestroyDeviceInfoList',
'PathFileExistsW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 114,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 5736,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 6144,
'.text\x00\x00\x00': 20480},
'StackReserveSize': 524288,
'filename': './data/malware/5314ff1f49a498544f8d4d3afdbc8e3536a958e7ba75e5dac1b8ccd183b62126'},
'5319d4e1f53c44803c2952361d555510324a06072dc3c1c13c98594bc70013d7': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2751520,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2752000,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/5319d4e1f53c44803c2952361d555510324a06072dc3c1c13c98594bc70013d7'},
'534437dbaf653a5eb9eeb7f50df6a105800ee722527a598cf222eb488a3a7095': {'AddressOfEntryPoint': 166544,
'DebugRVA': 173680,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 172032,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'GetCurrentProcessId',
'MSVCP80.dll': '?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IEAAPEAGXZ',
'MSVCR80.dll': '__CxxFrameHandler3',
'SHELL32.dll': 'ShellExecuteW',
'SHLWAPI.dll': 'PathIsDirectoryW',
'USER32.dll': 'wsprintfW'},
'ImportedFunctions': ['SetLastError',
'DeleteFileW',
'FindClose',
'FindNextFileW',
'FindFirstFileW',
'RemoveDirectoryW',
'GetModuleFileNameW',
'GetCurrentProcess',
'GetModuleHandleW',
'OutputDebugStringW',
'SetUnhandledExceptionFilter',
'SetFilePointer',
'FormatMessageW',
'VirtualQuery',
'IsBadWritePtr',
'GetCurrentThread',
'WriteFile',
'InitializeCriticalSection',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'CreateFileW',
'WriteConsoleW',
'GetLastError',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'UnhandledExceptionFilter',
'TerminateProcess',
'WaitForSingleObject',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'Sleep',
'SetEvent',
'lstrlenW',
'lstrcpynW',
'LoadLibraryW',
'GetProcAddress',
'CloseHandle',
'FreeLibrary',
'CreateEventW',
'ResetEvent',
'RaiseException',
'RtlLookupFunctionEntry',
'GetCurrentProcessId',
'wvsprintfW',
'wsprintfW',
'SHGetMalloc',
'SHGetPathFromIDListW',
'SHGetFolderLocation',
'ShellExecuteW',
'??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z',
'??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXXZ',
'?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KXZ',
'?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ',
'??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z',
'??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z',
'??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBGAEBV10@@Z',
'??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@0@Z',
'??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@PEBG@Z',
'?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2_KB',
'?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KAEBV12@_K@Z',
'?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHPEBG@Z',
'??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z',
'??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z',
'?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ',
'?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z',
'?width@ios_base@std@@QEAA_J_J@Z',
'?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z',
'?eq_int_type@?$char_traits@G@std@@SA_NAEBG0@Z',
'?eof@?$char_traits@G@std@@SAGXZ',
'?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z',
'?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ',
'?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG@Z',
'?flags@ios_base@std@@QEBAHXZ',
'?width@ios_base@std@@QEBA_JXZ',
'?length@?$char_traits@G@std@@SA_KPEBG@Z',
'?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ',
'?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ',
'?good@ios_base@std@@QEBA_NXZ',
'?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ',
'?uncaught_exception@std@@YA_NXZ',
'?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAXXZ',
'?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAXXZ',
'??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z',
'?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_K0@Z',
'?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@V32@0@Z',
'?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ',
'?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ',
'??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z',
'?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV12@_K0@Z',
'?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@@Z',
'??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z',
'?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_K0PEBG@Z',
'?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHAEBV12@@Z',
'??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAG_K@Z',
'?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KAEBV12@_K@Z',
'?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KAEBV12@_K@Z',
'??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z',
'?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z',
'??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z',
'??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z',
'??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z',
'?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXAEAV12@@Z',
'?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KXZ',
'??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z',
'??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z',
'??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z',
'?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_NXZ',
'??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z',
'?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z',
'??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z',
'?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAPEBGXZ',
'??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z',
'??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z',
'??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z',
'?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A',
'??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ',
'??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ',
'?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ',
'?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IEAAPEAGXZ',
'_waccess',
'_wchmod',
'_wrmdir',
'wcscmp',
'strlen',
'wcslen',
'towupper',
'towlower',
'wcsrchr',
'memset',
'??_V@YAXPEAX@Z',
'mbstowcs_s',
'wcstombs_s',
'_vsnwprintf_s',
'wcscpy',
'wcsncpy',
'_wstrtime',
'_wstrdate',
'wcschr',
'_amsg_exit',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'__winitenv',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'_encode_pointer',
'__set_app_type',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'__crt_debugger_hook',
'_errno',
'?what@exception@std@@UEBAPEBDXZ',
'??0exception@std@@QEAA@AEBQEBD@Z',
'??2@YAPEAX_K@Z',
'??0exception@std@@QEAA@XZ',
'??1exception@std@@UEAA@XZ',
'??0exception@std@@QEAA@AEBV01@@Z',
'_invalid_parameter_noinfo',
'_CxxThrowException',
'_vswprintf',
'getchar',
'wprintf',
'wcsstr',
'_wtoi',
'??3@YAXPEAX@Z',
'__CxxFrameHandler3',
'PathIsDirectoryW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 190,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 21472,
'SectionNames': {'.data\x00\x00\x00': 18432,
'.pdata\x00\x00': 15360,
'.rdata\x00\x00': 144384,
'.rsrc\x00\x00\x00': 21504,
'.text\x00\x00\x00': 164864},
'StackReserveSize': 1048576,
'filename': './data/malware/534437dbaf653a5eb9eeb7f50df6a105800ee722527a598cf222eb488a3a7095'},
'535885cccbbc206bc77bec26a8cf2cc70dc2fc005b0daa46b347083931894b45': {'AddressOfEntryPoint': 97255,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 95816,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltGetVolumeContext',
'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['RtlCompareUnicodeString',
'RtlCopyUnicodeString',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'PsLookupProcessByProcessId',
'KeResetEvent',
'IoIs32bitProcess',
'KeWaitForSingleObject',
'ExAcquireResourceSharedLite',
'KeDelayExecutionThread',
'PsCreateSystemThread',
'PsTerminateSystemThread',
'ZwClose',
'KeBugCheckEx',
'RtlAppendUnicodeToString',
'strstr',
'strncmp',
'PsGetCurrentProcessId',
'PsGetCurrentThreadId',
'RtlFreeAnsiString',
'_vsnprintf',
'FsRtlIsNameInExpression',
'RtlUnicodeStringToAnsiString',
'IoThreadToProcess',
'ExDeleteNPagedLookasideList',
'ExInitializeResourceLite',
'ObfDereferenceObject',
'ExDeleteResourceLite',
'ExReleaseResourceLite',
'IoGetCurrentProcess',
'wcsstr',
'IoVolumeDeviceToDosName',
'KeEnterCriticalRegion',
'PsSetCreateProcessNotifyRoutine',
'PsSetCreateThreadNotifyRoutine',
'KeInitializeEvent',
'RtlInitUnicodeString',
'PsRemoveCreateThreadNotifyRoutine',
'ExInitializeNPagedLookasideList',
'KeLeaveCriticalRegion',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'KeSetEvent',
'ExAcquireResourceExclusiveLite',
'__C_specific_handler',
'_local_unwind',
'FltParseFileNameInformation',
'FltReleaseFileNameInformation',
'FltGetFileNameInformation',
'FltIsDirectory',
'FltCancelFileOpen',
'FltSetVolumeContext',
'FltStartFiltering',
'FltRegisterFilter',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCloseCommunicationPort',
'FltUnregisterFilter',
'FltAllocateContext',
'FltReleaseContext',
'FltFreeSecurityDescriptor',
'FltGetVolumeProperties',
'FltGetDiskDeviceObject',
'FltCreateCommunicationPort',
'FltCloseClientPort',
'FltGetVolumeContext',
'DbgPrint',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 9,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 77,
'NumberOfSections': 11,
'OSVersion': 6,
'ResSize': 944,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 28672,
'.vmp0\x00\x00\x00': 512,
'.vmp1\x00\x00\x00': 5120,
'.vmp2\x00\x00\x00': 19456,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 8704},
'StackReserveSize': 262144,
'filename': './data/malware/535885cccbbc206bc77bec26a8cf2cc70dc2fc005b0daa46b347083931894b45'},
'538d982b1151cb6e367f5c3a27a02c4d8c8ec0c467d7dcd50df5d7b97aaef0db': {'AddressOfEntryPoint': 140288,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteValueA',
'KERNEL32.dll': 'LCMapStringA',
'SETUPAPI.dll': 'SetupDiEnumDeviceInfo',
'SHELL32.dll': 'SHFileOperationA',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['SetupDiGetClassDevsA',
'SetupDiCallClassInstaller',
'SetupDiOpenDevRegKey',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiDestroyDeviceInfoList',
'SetupDiEnumDeviceInfo',
'OpenFile',
'GetWindowsDirectoryA',
'LocalAlloc',
'LocalFree',
'GetLastError',
'SetLastError',
'FormatMessageA',
'CloseHandle',
'ReadFile',
'lstrlenA',
'RemoveDirectoryA',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'DeleteFileA',
'GetCurrentDirectoryA',
'GetStringTypeW',
'GetStringTypeA',
'LoadLibraryA',
'Sleep',
'GetLocaleInfoA',
'VirtualProtect',
'GetSystemInfo',
'VirtualQuery',
'CreateFileA',
'GetCommandLineA',
'LCMapStringW',
'MultiByteToWideChar',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'ExitProcess',
'GetProcAddress',
'GetModuleHandleA',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapCreate',
'LCMapStringA',
'MessageBoxA',
'RegOpenKeyA',
'RegDeleteKeyA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegEnumKeyA',
'RegCloseKey',
'RegDeleteValueA',
'SHFileOperationA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 68,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 960,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 9216,
'.rsrc\x00\x00\x00': 77312,
'.text\x00\x00\x00': 26112},
'StackReserveSize': 1048576,
'filename': './data/malware/538d982b1151cb6e367f5c3a27a02c4d8c8ec0c467d7dcd50df5d7b97aaef0db'},
'53d7a3530e71c5c0d5a1e8fd9456ee6a49e39dbbed6b19044a6b15855b8c0b3c': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 295948,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 296448,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/53d7a3530e71c5c0d5a1e8fd9456ee6a49e39dbbed6b19044a6b15855b8c0b3c'},
'53d8fb74b81b035f85ac1336ee841988b512682f1e46eb843c33185a3280f7c1': {'AddressOfEntryPoint': 12744,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 40960,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'HeapReAlloc',
'PSAPI.DLL': 'EnumProcessModules',
'SHLWAPI.dll': 'StrCmpW'},
'ImportedFunctions': ['CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'GetModuleFileNameW',
'CreateFileW',
'TerminateProcess',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetExitCodeProcess',
'OpenProcess',
'CreateThread',
'Sleep',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'EncodePointer',
'DecodePointer',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'LCMapStringW',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetStringTypeW',
'HeapReAlloc',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'StrCmpW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 75,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.pdata\x00\x00': 2560,
'.rdata\x00\x00': 17408,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 36352},
'StackReserveSize': 1048576,
'filename': './data/malware/53d8fb74b81b035f85ac1336ee841988b512682f1e46eb843c33185a3280f7c1'},
'53e2b6a7f41c6479a40ee20a0048b0e0f851b85c051a38972efb06cf065430e5': {'AddressOfEntryPoint': 1073906971,
'DebugRVA': 62672,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 61440,
'ImageBase': 4194304,
'ImageVersion': 9,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'RtlCaptureContext',
'MSVCR90.dll': '_close',
'mspdb80.dll': '?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z'},
'ImportedFunctions': ['RegQueryValueExW',
'RegOpenKeyExW',
'RegCloseKey',
'SetLastError',
'GetSystemInfo',
'HeapCreate',
'HeapDestroy',
'HeapAlloc',
'HeapFree',
'GetVersion',
'ExpandEnvironmentStringsW',
'CloseHandle',
'MapViewOfFile',
'CreateFileMappingW',
'LoadResource',
'FindResourceExW',
'UnmapViewOfFile',
'ReleaseMutex',
'SetEvent',
'WaitForSingleObject',
'CreateProcessW',
'GetCurrentThreadId',
'GetCurrentProcessId',
'DuplicateHandle',
'GetCurrentProcess',
'CreateMutexW',
'CreateEventW',
'LoadLibraryExW',
'FindClose',
'FindNextFileW',
'GetLastError',
'FindFirstFileW',
'GetFileAttributesW',
'GetUserDefaultUILanguage',
'SetFileTime',
'SetEndOfFile',
'GetFileTime',
'CreateFileW',
'GetModuleFileNameW',
'VirtualQuery',
'SetUnhandledExceptionFilter',
'SetErrorMode',
'HeapSetInformation',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetConsoleMode',
'GetFileType',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetTickCount',
'QueryPerformanceCounter',
'Sleep',
'RtlCaptureContext',
'fgetwc',
'ftell',
'_wutime64',
'exit',
'_wunlink',
'swprintf_s',
'memcpy_s',
'_wpgmptr',
'wcsncpy_s',
'swscanf_s',
'_itow_s',
'wcsncat_s',
'_wmakepath_s',
'_wsplitpath_s',
'_wcserror_s',
'fseek',
'_errno',
'_wsopen_s',
'_wfsopen',
'_read',
'_wgetcwd',
'memmove',
'setlocale',
'wcschr',
'wcsrchr',
'towlower',
'iswlower',
'iswupper',
'iswalpha',
'_wfindfirst64i32',
'_wfindnext64i32',
'_findclose',
'towupper',
'wcscspn',
'free',
'strcpy_s',
'calloc',
'realloc',
'_get_osfhandle',
'_fileno',
'__iob_func',
'fflush',
'vfwprintf',
'_vcwprintf',
'_amsg_exit',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'__winitenv',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_fmode',
'_encode_pointer',
'__set_app_type',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'?terminate@@YAXXZ',
'__crt_debugger_hook',
'_wcsicmp',
'memcpy',
'signal',
'_snwprintf_s',
'wcscat_s',
'_wstat64i32',
'wcscpy_s',
'memset',
'_close',
'?open@NameMap@@SAHPEAUPDB@@HPEAPEAU1@@Z',
'?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 134,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 6824,
'StackReserveSize': 1048576,
'filename': './data/malware/53e2b6a7f41c6479a40ee20a0048b0e0f851b85c051a38972efb06cf065430e5'},
'542afb77433a3fe19788642e90f3a675fe7040e7283aab5e93266df398c65eae': {'AddressOfEntryPoint': 33228,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 61440,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'KERNEL32.dll': 'WideCharToMultiByte',
'PSAPI.DLL': 'EnumProcessModules',
'USER32.dll': 'MessageBoxW'},
'ImportedFunctions': ['GetModuleBaseNameW',
'GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'GetStringTypeW',
'GetCurrentProcess',
'SetPriorityClass',
'CreateThread',
'SetThreadPriority',
'Sleep',
'OpenProcess',
'CloseHandle',
'GetModuleFileNameW',
'GetLongPathNameW',
'CreateProcessW',
'GetLastError',
'GetExitCodeProcess',
'TerminateProcess',
'MultiByteToWideChar',
'LCMapStringW',
'lstrcpyW',
'FlsGetValue',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetProcAddress',
'GetModuleHandleW',
'ExitProcess',
'RtlUnwindEx',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'MessageBoxW',
'LookupPrivilegeValueW',
'OpenProcessToken',
'AdjustTokenPrivileges'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 17920,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 56832},
'StackReserveSize': 1048576,
'filename': './data/malware/542afb77433a3fe19788642e90f3a675fe7040e7283aab5e93266df398c65eae'},
'5480b04b18624c10222fd5bf67a19e4ec6b606561e477b928e80c7211532c79a': {'AddressOfEntryPoint': 21182,
'DebugRVA': 25312,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumKeyA',
'KERNEL32.dll': 'GetModuleFileNameA',
'jli.dll': 'JLI_MemFree',
'msvcrt.dll': '_strnicmp'},
'ImportedFunctions': ['JLI_ExactVersionId',
'JLI_JarUnpackFile',
'JLI_StringDup',
'JLI_ParseManifest',
'JLI_ValidVersionString',
'JLI_AcceptableRelease',
'JLI_FreeManifest',
'JLI_MemAlloc',
'JLI_MemFree',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'RegEnumKeyA',
'_beginthreadex',
'_putenv',
'__C_specific_handler',
'_XcptFilter',
'_c_exit',
'_exit',
'_cexit',
'__initenv',
'__getmainargs',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'fflush',
'_errno',
'strerror',
'strchr',
'fgets',
'strcspn',
'strspn',
'strrchr',
'fopen',
'fwrite',
'fread',
'fclose',
'_iob',
'fprintf',
'memset',
'getenv',
'strcmp',
'exit',
'strcpy',
'strcat',
'printf',
'sprintf',
'memcpy',
'strncmp',
'sscanf',
'strlen',
'_access',
'_stat',
'_strnicmp',
'GetLastError',
'CloseHandle',
'FormatMessageA',
'WaitForSingleObject',
'CreateProcessA',
'LocalFree',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'GetExitCodeProcess',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'LoadLibraryA',
'GetProcAddress',
'GetExitCodeThread',
'FreeLibrary',
'GetCommandLineA',
'GetModuleFileNameA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 82,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 2008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 11776,
'.rsrc\x00\x00\x00': 29696,
'.text\x00\x00\x00': 17408},
'StackReserveSize': 1048576,
'filename': './data/malware/5480b04b18624c10222fd5bf67a19e4ec6b606561e477b928e80c7211532c79a'},
'5481e9586cd65b71cace4a3d25af4eb5e77f431066ff72e01b772a67635032c4': {'AddressOfEntryPoint': 29536,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 114688,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'BitBlt',
'KERNEL32.dll': 'UnmapViewOfFile',
'SHLWAPI.dll': 'PathFileExistsA',
'USER32.dll': 'UnregisterClassA',
'WINSPOOL.DRV': 'OpenPrinterA'},
'ImportedFunctions': ['lstrlenA',
'GetSystemDefaultUILanguage',
'GetUserDefaultLangID',
'GetUserDefaultUILanguage',
'GetLastError',
'GetSystemDefaultLangID',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'SetLastError',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'lstrcmpiA',
'lstrcmpA',
'GlobalDeleteAtom',
'GlobalAlloc',
'GlobalLock',
'GetCurrentThread',
'GetModuleFileNameA',
'FreeResource',
'LockResource',
'LoadResource',
'FindResourceA',
'GlobalFree',
'GetVersionExA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetModuleHandleA',
'lstrcpynA',
'lstrcatA',
'GlobalFindAtomA',
'GlobalAddAtomA',
'GlobalGetAtomNameA',
'GetVersion',
'MulDiv',
'WritePrivateProfileStringA',
'lstrcpyA',
'GlobalFlags',
'LocalAlloc',
'LocalFree',
'LeaveCriticalSection',
'GlobalReAlloc',
'GlobalHandle',
'EnterCriticalSection',
'TlsGetValue',
'InitializeCriticalSection',
'TlsAlloc',
'TlsSetValue',
'LocalReAlloc',
'DeleteCriticalSection',
'TlsFree',
'GetProcessVersion',
'GetCPInfo',
'GetOEMCP',
'SetErrorMode',
'SetFilePointer',
'FlushFileBuffers',
'WriteFile',
'GetCommandLineA',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'RtlUnwindEx',
'ExitProcess',
'RaiseException',
'RtlPcToFileHeader',
'GetACP',
'HeapReAlloc',
'HeapSize',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'HeapSetInformation',
'HeapCreate',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'GetLocaleInfoA',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'SetStdHandle',
'Sleep',
'CreateMutexA',
'OpenFileMappingA',
'MapViewOfFile',
'OpenEventA',
'WaitForSingleObject',
'SetEvent',
'ReleaseMutex',
'CloseHandle',
'GlobalUnlock',
'UnmapViewOfFile',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegSetValueExA',
'RegCreateKeyExA',
'IsWindowVisible',
'GetActiveWindow',
'CallNextHookEx',
'SetWindowsHookExA',
'LoadBitmapA',
'GetMenuCheckMarkDimensions',
'CheckMenuItem',
'EnableMenuItem',
'GetMenuState',
'ModifyMenuA',
'GetNextDlgTabItem',
'GetFocus',
'SetMenuItemBitmaps',
'EndDialog',
'GetDlgItem',
'DestroyWindow',
'CreateDialogIndirectParamA',
'SendDlgItemMessageA',
'SetDlgItemTextA',
'IsDialogMessageA',
'SetWindowTextA',
'GetWindowTextA',
'GetDlgCtrlID',
'SetFocus',
'SetWindowPos',
'GetWindow',
'CopyRect',
'GetWindowPlacement',
'CallWindowProcA',
'GetClassInfoA',
'wsprintfA',
'GetMenuItemCount',
'GetMessageA',
'AdjustWindowRectEx',
'GetSubMenu',
'GetMenu',
'GetSysColor',
'UpdateWindow',
'MapWindowPoints',
'GetTopWindow',
'SetWindowLongPtrA',
'GetMessagePos',
'GetMessageTime',
'GetWindowLongPtrA',
'RemovePropA',
'GetPropA',
'SetPropA',
'GetClassLongA',
'CreateWindowExA',
'WinHelpA',
'RegisterWindowMessageA',
'TabbedTextOutA',
'DrawTextA',
'GrayStringA',
'ClientToScreen',
'BeginPaint',
'EndPaint',
'GetClassNameA',
'PtInRect',
'GetSysColorBrush',
'DestroyMenu',
'PeekMessageA',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'SetCursor',
'UnhookWindowsHookEx',
'TranslateMessage',
'DispatchMessageA',
'GetKeyState',
'GetMenuItemID',
'ValidateRect',
'MonitorFromRect',
'MoveWindow',
'GetDesktopWindow',
'EnumDisplayMonitors',
'GetMonitorInfoA',
'FindWindowA',
'GetCapture',
'GetDC',
'ReleaseDC',
'ReleaseCapture',
'SetCapture',
'SetRect',
'FillRect',
'GetParent',
'ShowWindow',
'MessageBoxA',
'OpenClipboard',
'EmptyClipboard',
'SetClipboardData',
'CloseClipboard',
'IsWindow',
'MapVirtualKeyA',
'ScreenToClient',
'DefWindowProcA',
'GetCursorPos',
'SetCursorPos',
'GetForegroundWindow',
'GetWindowThreadProcessId',
'SystemParametersInfoA',
'SetActiveWindow',
'SetForegroundWindow',
'PostQuitMessage',
'GetSystemMetrics',
'GetAsyncKeyState',
'LoadStringA',
'EnableWindow',
'LoadIconA',
'GetClientRect',
'GetWindowRect',
'IsIconic',
'DrawIcon',
'RegisterClassA',
'LoadCursorA',
'AttachThreadInput',
'SendInput',
'SendNotifyMessageA',
'SendMessageTimeoutA',
'SendMessageA',
'PostMessageA',
'UnregisterClassA',
'SaveDC',
'GetObjectA',
'SelectObject',
'MoveToEx',
'LineTo',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'RestoreDC',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'SetMapMode',
'GetStockObject',
'DeleteDC',
'DeleteObject',
'CreatePen',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'BitBlt',
'PathFileExistsA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 274,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 29968,
'SectionNames': {'.data\x00\x00\x00': 8192,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 44544,
'.rsrc\x00\x00\x00': 30208,
'.text\x00\x00\x00': 110592},
'StackReserveSize': 1048576,
'filename': './data/malware/5481e9586cd65b71cace4a3d25af4eb5e77f431066ff72e01b772a67635032c4'},
'54940ef6bc662a3cb3ad5c9155e28a8c459ac919497aa9dc123e5e1af7379b34': {'AddressOfEntryPoint': 52012,
'DebugRVA': 140480,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 139264,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'SetSecurityInfo',
'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'DispatchMessageA'},
'ImportedFunctions': ['GetVersionExA',
'GetLastError',
'WaitForMultipleObjects',
'ReleaseMutex',
'ReleaseSemaphore',
'LocalFree',
'WaitForSingleObject',
'LocalAlloc',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'GetProcessHeap',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'HeapFree',
'ExitThread',
'CreateThread',
'WriteConsoleW',
'GetFileType',
'GetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'HeapReAlloc',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'InitializeCriticalSectionAndSpinCount',
'GetLocaleInfoW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'OpenProcess',
'OpenEventA',
'ResetEvent',
'Sleep',
'CreateFileA',
'CloseHandle',
'SetEvent',
'GetCurrentProcessId',
'GetTickCount',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TerminateProcess',
'EnterCriticalSection',
'SetWindowsHookExA',
'UnhookWindowsHookEx',
'MsgWaitForMultipleObjectsEx',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'InitializeAcl',
'SetSecurityInfo'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 105,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1832,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 40960,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 132096},
'StackReserveSize': 1048576,
'filename': './data/malware/54940ef6bc662a3cb3ad5c9155e28a8c459ac919497aa9dc123e5e1af7379b34'},
'54a018f57390ca007adcec44a49e510ab0cf78e4e9698fb9daaa3fc07cfa18f4': {'AddressOfEntryPoint': 225914,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 233472,
'ImageBase': 4194304,
'ImageVersion': 4232,
'ImportedDLL': {'ADVAPI32.dll': 'GetNumberOfEventLogRecords',
'CRYPT32.dll': 'CertFreeCertificateContext',
'IPHLPAPI.DLL': 'GetAdaptersInfo',
'KERNEL32.dll': 'WideCharToMultiByte',
'MSVCR80.dll': '_encode_pointer',
'OLEAUT32.dll': 'VariantClear',
'RPCRT4.dll': 'UuidCreate',
'SETUPAPI.dll': 'SetupDiEnumDeviceInterfaces',
'SHELL32.dll': 'CommandLineToArgvW',
'WINTRUST.dll': 'CryptCATAdminCalcHashFromFileHandle',
'mscoree.dll': 'GetHashFromFileW',
'msvcm80.dll': '?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z',
'ole32.dll': 'CoTaskMemAlloc'},
'ImportedFunctions': ['__FrameUnwindFilter',
'_time64',
'??2@YAPEAX_K@Z',
'??3@YAXPEAX@Z',
'sprintf',
'memmove',
'strncmp',
'strchr',
'atol',
'atoi',
'_strtoui64',
'??_U@YAPEAX_K@Z',
'_strupr',
'strrchr',
'_gmtime32_s',
'_wcsupr',
'wcsncmp',
'wcstombs',
'strncpy',
'strstr',
'__crt_debugger_hook',
'memset',
'_CxxThrowException',
'_strnicmp',
'__p__fmode',
'__p__commode',
'_configthreadlocale',
'__wgetmainargs',
'_XcptFilter',
'__set_app_type',
'_amsg_exit',
'_cexit',
'__CxxUnregisterExceptionObject',
'__CxxQueryExceptionSize',
'__CxxDetectRethrow',
'__CxxRegisterExceptionObject',
'__CxxExceptionFilter',
'free',
'malloc',
'__CxxFrameHandler3',
'?terminate@@YAXXZ',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'memcmp',
'_decode_pointer',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__C_specific_handler',
'_encode_pointer',
'RegCloseKey',
'CryptGenRandom',
'CryptAcquireContextA',
'SetThreadToken',
'RevertToSelf',
'OpenThreadToken',
'CloseEventLog',
'ReadEventLogA',
'RegOpenKeyExA',
'RegEnumValueA',
'OpenEventLogA',
'GetNumberOfEventLogRecords',
'CloseHandle',
'VirtualProtect',
'VirtualQuery',
'GetCurrentProcessId',
'CreateMutexA',
'WaitForSingleObject',
'ReleaseMutex',
'FindResourceA',
'LoadResource',
'LockResource',
'CreateToolhelp32Snapshot',
'Module32First',
'GetProcAddress',
'Module32Next',
'EnumResourceNamesA',
'Sleep',
'CreateEventA',
'ExitProcess',
'SetEvent',
'GetExitCodeThread',
'TerminateThread',
'CreateThread',
'VirtualFree',
'GetModuleFileNameA',
'GetSystemTime',
'UnmapViewOfFile',
'GetCommandLineW',
'LocalFree',
'GlobalAlloc',
'CreateFileA',
'DeviceIoControl',
'CreateFileW',
'GlobalFree',
'LoadLibraryA',
'RtlAddFunctionTable',
'TlsAlloc',
'TlsSetValue',
'TlsGetValue',
'TlsFree',
'RtlDeleteFunctionTable',
'FreeLibrary',
'MapViewOfFile',
'CreateFileMappingA',
'lstrcmpA',
'LocalAlloc',
'GetModuleFileNameW',
'GetLastError',
'GetSystemInfo',
'GetWindowsDirectoryA',
'QueryPerformanceCounter',
'GetCurrentThread',
'SystemTimeToFileTime',
'GetModuleHandleA',
'VirtualAlloc',
'GetVolumeInformationA',
'GetTickCount',
'GetCurrentThreadId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'lstrlenW',
'MultiByteToWideChar',
'lstrlenA',
'WideCharToMultiByte',
'GetErrorInfo',
'SystemTimeToVariantTime',
'SysAllocString',
'SysFreeString',
'VariantInit',
'VariantChangeType',
'SetErrorInfo',
'CreateErrorInfo',
'VariantClear',
'?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z',
'?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ',
'?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z',
'__setusermatherr_m',
'?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z',
'?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z',
'?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z',
'_CorExeMain',
'GetHashFromFileW',
'CryptCATAdminEnumCatalogFromHash',
'CryptCATAdminAcquireContext',
'WinVerifyTrust',
'CryptCATAdminReleaseContext',
'CryptCATAdminReleaseCatalogContext',
'CryptCATCatalogInfoFromContext',
'CryptCATAdminCalcHashFromFileHandle',
'CertFindCertificateInStore',
'CertCloseStore',
'CryptMsgClose',
'CryptQueryObject',
'CertGetNameStringA',
'CryptDecodeObject',
'CryptMsgGetParam',
'CertFreeCertificateContext',
'GetAdaptersInfo',
'CoSetProxyBlanket',
'CoUninitialize',
'CoCreateInstance',
'CoInitializeEx',
'CoTaskMemAlloc',
'CommandLineToArgvW',
'SetupDiClassNameFromGuidA',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceInterfaceDetailA',
'SetupDiGetClassDevsA',
'SetupDiEnumDeviceInterfaces',
'UuidCreate'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 180,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 34932,
'SectionNames': {'.data\x00\x00\x00': 4096,
'.nep\x00\x00\x00\x00': 1536,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 111616,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 35328,
'.text\x00\x00\x00': 223232},
'StackReserveSize': 1048576,
'filename': './data/malware/54a018f57390ca007adcec44a49e510ab0cf78e4e9698fb9daaa3fc07cfa18f4'},
'54b9b8c9c1fe79d6a279ecdaf4ad8bf21e15e2ba93933bc43821ffb362b81ac5': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 9660,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 9728,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/54b9b8c9c1fe79d6a279ecdaf4ad8bf21e15e2ba93933bc43821ffb362b81ac5'},
'54c1e4ccf229be4378be24b10ecaaab4516072e020ecaef78742c5cba6d233c1': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 157260,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 157696,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/54c1e4ccf229be4378be24b10ecaaab4516072e020ecaef78742c5cba6d233c1'},
'54c8cc1327e27d1bdeeec44614e02ee6337ca51b558f954d9f14f47f704d8a96': {'AddressOfEntryPoint': 1789960,
'DebugRVA': 1524288,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1523712,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 896,
'SectionNames': {'.aot\x00\x00\x00\x00': 47616,
'.data\x00\x00\x00': 53760,
'.pdata\x00\x00': 50688,
'.rdata\x00\x00': 153088,
'.reloc\x00\x00': 11776,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 1458688,
'INIT\x00\x00\x00\x00': 2560,
'init\x00\x00\x00\x00': 512,
'page\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/54c8cc1327e27d1bdeeec44614e02ee6337ca51b558f954d9f14f47f704d8a96'},
'550e925fc282785456ddedf5d71030191f05d2351c6bc156df9df4753878e90d': {'AddressOfEntryPoint': 1074541625,
'DebugRVA': 608400,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 606208,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CreateProcessAsUserW',
'KERNEL32.dll': 'GetCurrentProcessId',
'OLEAUT32.dll': 'GetErrorInfo',
'SHELL32.dll': 'SHGetFolderPathW',
'SHLWAPI.dll': 'PathAddBackslashW',
'USER32.dll': 'ShowWindow',
'WTSAPI32.dll': 'WTSEnumerateSessionsW',
'nvWmiShim.dll': '?setMonitorPower@ApiShim@@SA_NJ@Z',
'ole32.dll': 'CoInitializeEx'},
'ImportedFunctions': ['?setMonitorHwnd@ApiShim@@SA_NPEAUHWND__@@@Z',
'??1ApiShim@@QEAA@XZ',
'?getDisplays@ApiShim@@QEBAQEAPEAVIDisplayShim@@XZ',
'?getDisplayCount@ApiShim@@QEBAKXZ',
'??0ApiShim@@QEAA@XZ',
'?getDisplaySourceCount@ApiShim@@QEBAKXZ',
'?getDisplayGridManager@ApiShim@@QEBAPEAVIDisplayGridManager@@XZ',
'?setnView@ApiShim@@SAX_N@Z',
'?getnView@ApiShim@@SA_NXZ',
'?getGpuCount@ApiShim@@QEBAKXZ',
'?getGsyncCount@ApiShim@@QEBAKXZ',
'?getDisplayPathInfo@ApiShim@@QEBAPEAVIDisplayPathShim@@XZ',
'?getDisplayDriverVer@ApiShim@@QEBAKXZ',
'?getGpus@ApiShim@@QEBAQEAPEAVIGpuShim@@XZ',
'?getGsyncDevices@ApiShim@@QEBAQEAPEAVIGSyncShim@@XZ',
'?getSdiDevices@ApiShim@@QEBAQEAPEAVISdiShim@@XZ',
'?getDrs@ApiShim@@QEBAPEBVIDrsShim@@XZ',
'?getCooler@ApiShim@@QEBAQEAPEAVICoolerShim@@XZ',
'?getThermal@ApiShim@@QEBAQEAPEAVIThermalShim@@XZ',
'?getBoards@ApiShim@@QEBAQEAPEAVIBoardShim@@XZ',
'?getBoardCount@ApiShim@@QEBAKXZ',
'?registerEvents@@YA?AW4NvWMI_Status@@AEAUSCallbackTable@@@Z',
'?unregisterEvents@@YA?AW4NvWMI_Status@@XZ',
'?getDisplayTargetCount@ApiShim@@QEBAKI@Z',
'?getSdiCount@ApiShim@@QEBAKXZ',
'?getDrsMutable@ApiShim@@QEAAPEAVIDrsShim@@XZ',
'?setMonitorPower@ApiShim@@SA_NJ@Z',
'GetTimeZoneInformation',
'SetEndOfFile',
'GetProcessHeap',
'ReadFile',
'ReleaseMutex',
'SetEvent',
'OpenEventW',
'RegisterWaitForSingleObject',
'WaitForSingleObject',
'CreateMutexW',
'SignalObjectAndWait',
'ResetEvent',
'OpenProcess',
'Sleep',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetSystemDirectoryW',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'CreateEventW',
'GetModuleHandleW',
'InitializeCriticalSection',
'GetCommandLineW',
'GetVersionExW',
'FormatMessageW',
'DecodePointer',
'EncodePointer',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetCommandLineA',
'GetStartupInfoW',
'HeapAlloc',
'WriteFile',
'GetStdHandle',
'CompareStringW',
'GetLocaleInfoW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'HeapDestroy',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetCurrentThread',
'FlsAlloc',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'HeapSize',
'GetProcAddress',
'ExitProcess',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringW',
'GetModuleFileNameA',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'QueryPerformanceCounter',
'GetTickCount',
'SetEnvironmentVariableA',
'GetSystemTimeAsFileTime',
'FatalAppExitA',
'SetConsoleCtrlHandler',
'LoadLibraryW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'HeapReAlloc',
'FreeLibrary',
'MultiByteToWideChar',
'GetStringTypeW',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'SetStdHandle',
'WriteConsoleW',
'CreateFileW',
'FlushFileBuffers',
'lstrlenA',
'LocalFree',
'lstrlenW',
'OutputDebugStringW',
'QueryPerformanceFrequency',
'GetModuleFileNameW',
'GetCurrentProcessId',
'DefWindowProcW',
'LoadStringW',
'DestroyWindow',
'PostMessageW',
'TranslateMessage',
'DispatchMessageW',
'LoadIconW',
'LoadCursorW',
'RegisterClassW',
'CreateWindowExW',
'GetMessageW',
'ShowWindow',
'DeleteService',
'QueryServiceStatus',
'ControlService',
'CloseServiceHandle',
'OpenServiceW',
'OpenSCManagerW',
'RegisterEventSourceW',
'ReportEventW',
'DeregisterEventSource',
'RegOpenKeyExW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'StartServiceCtrlDispatcherW',
'CreateServiceW',
'ChangeServiceConfig2W',
'RegisterServiceCtrlHandlerExW',
'SetServiceStatus',
'OpenProcessToken',
'DuplicateTokenEx',
'SetTokenInformation',
'CreateProcessAsUserW',
'CommandLineToArgvW',
'SHGetFolderPathW',
'CoInitializeSecurity',
'CoUninitialize',
'CoCreateInstance',
'CoInitializeEx',
'CreateErrorInfo',
'SetErrorInfo',
'SysAllocString',
'SysStringLen',
'SysFreeString',
'VariantCopy',
'VariantInit',
'VariantClear',
'SysStringByteLen',
'VariantChangeType',
'SafeArrayAccessData',
'SafeArrayDestroy',
'SafeArrayPutElement',
'SafeArrayCreateVector',
'GetErrorInfo',
'PathAppendW',
'PathAddBackslashW',
'WTSFreeMemory',
'WTSEnumerateSessionsW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 189,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1464,
'StackReserveSize': 1048576,
'filename': './data/malware/550e925fc282785456ddedf5d71030191f05d2351c6bc156df9df4753878e90d'},
'553abcc0d38d5476bcf867fb031913c4a89192fee1e239e416fdf7ae6d46c545': {'AddressOfEntryPoint': 21520,
'DebugRVA': 120160,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 118784,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'GDI32.dll': 'GetStockObject',
'KERNEL32.dll': 'GetModuleHandleW',
'OLEAUT32.dll': 'LoadTypeLibEx',
'RPCRT4.dll': 'UuidCreateSequential',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'SetWindowPos',
'WS2_32.dll': 'WSARecv',
'ntdll.dll': '__chkstk',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['ZwCreateSection',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'LdrFindEntryForAddress',
'RtlImageNtHeader',
'LdrAccessResource',
'LdrFindResource_U',
'sprintf',
'ZwMapViewOfSection',
'RtlInitUnicodeString',
'wcscpy',
'ZwUnmapViewOfSection',
'RtlFreeUnicodeString',
'ZwCreateKey',
'ZwSetValueKey',
'ZwQueryValueKey',
'ZwDeleteValueKey',
'memcmp',
'ZwFlushKey',
'ZwEnumerateKey',
'ZwDeleteKey',
'ZwOpenTimer',
'ZwSetTimer',
'ZwDeleteFile',
'memcpy',
'RtlIpv4StringToAddressW',
'RtlIpv4AddressToStringA',
'ZwWriteFile',
'strtoul',
'ZwCreateFile',
'ZwQueryInformationFile',
'RtlNtStatusToDosError',
'memset',
'LdrUnloadDll',
'LdrAddRefDll',
'ZwRaiseHardError',
'wcsstr',
'RtlAdjustPrivilege',
'LdrLoadDll',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwClose',
'ZwQueryKey',
'ZwSetContextThread',
'ZwProtectVirtualMemory',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'ZwOpenKey',
'RtlComputeCrc32',
'wcslen',
'swprintf',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenProcess',
'RtlEqualUnicodeString',
'ZwQuerySystemInformation',
'ZwResumeThread',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'ZwSetInformationToken',
'ZwDuplicateToken',
'ZwAdjustPrivilegesToken',
'ZwOpenThreadTokenEx',
'ZwWriteVirtualMemory',
'ZwReadVirtualMemory',
'wcschr',
'RtlPrefixUnicodeString',
'RtlGetCurrentPeb',
'ZwQueryInformationProcess',
'RtlIpv4AddressToStringExA',
'strlen',
'ZwSetInformationFile',
'__chkstk',
'ExitThread',
'CreateTimerQueueTimer',
'DeleteTimerQueueTimer',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'WideCharToMultiByte',
'CopyFileW',
'CreateProcessW',
'SetThreadLocale',
'GetCommandLineW',
'LoadLibraryW',
'VirtualProtect',
'LoadLibraryExW',
'ExitProcess',
'FreeLibraryAndExitThread',
'Sleep',
'LocalFree',
'LocalAlloc',
'GetSystemDefaultLangID',
'GetVersion',
'FormatMessageW',
'GetModuleHandleW',
'MD5Update',
'MD5Final',
'CreateProcessAsUserW',
'RegisterServiceCtrlHandlerExW',
'SetServiceStatus',
'StartServiceCtrlDispatcherW',
'MD5Init',
'DialogBoxParamW',
'PostMessageW',
'FindWindowW',
'SetWindowLongPtrW',
'SendMessageW',
'SetWindowLongW',
'GetWindowLongW',
'GetDlgItem',
'EndDialog',
'SetDlgItemTextW',
'GetClientRect',
'GetWindowLongPtrW',
'MessageBoxW',
'DefWindowProcW',
'GetSystemMetrics',
'CreateWindowExW',
'AdjustWindowRect',
'SetWindowTextW',
'PostQuitMessage',
'DestroyWindow',
'OpenDesktopW',
'SetThreadDesktop',
'DestroyIcon',
'UnregisterClassW',
'DispatchMessageW',
'TranslateMessage',
'GetActiveWindow',
'GetMessageW',
'RegisterClassW',
'LoadCursorW',
'LoadIconW',
'SetWindowPos',
'UuidCreateSequential',
'SetTextColor',
'SetBkColor',
'GetStockObject',
'ShellExecuteExW',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'SysAllocString',
'SysFreeString',
'VariantClear',
'LoadTypeLibEx',
'WSARecvFrom',
'WSASendTo',
'setsockopt',
'WSACleanup',
'WSAStartup',
'WSASocketW',
'WSAGetLastError',
'closesocket',
'bind',
'WSAIoctl',
'WSASend',
'WSARecv'],
'LinkerVersion': 9,
'NumberOfImportDLL': 11,
'NumberOfImportFunctions': 160,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 10104,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 13824,
'.rsrc\x00\x00\x00': 10240,
'.text\x00\x00\x00': 111104},
'StackReserveSize': 1048576,
'filename': './data/malware/553abcc0d38d5476bcf867fb031913c4a89192fee1e239e416fdf7ae6d46c545'},
'554c9b195c6a702569600de1148e3e5461fc92c75b45aed98e7d70218eb02df5': {'AddressOfEntryPoint': 3221237964,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'VirtualQuery',
'USER32.dll': 'wsprintfA',
'VERSION.dll': 'GetFileVersionInfoSizeA'},
'ImportedFunctions': ['GetWindowsDirectoryA',
'GetProcessHeap',
'HeapAlloc',
'WinExec',
'HeapFree',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'GetVersionExA',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'LoadLibraryA',
'InitializeCriticalSection',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'wsprintfA',
'RegSetValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 68,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'StackReserveSize': 1048576,
'filename': './data/malware/554c9b195c6a702569600de1148e3e5461fc92c75b45aed98e7d70218eb02df5'},
'5556dedde7d7dc3b27850c53031c2b9f918d6ff410840665f54db122042475a7': {'AddressOfEntryPoint': 180536,
'DebugRVA': 756104,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 757760,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'OpenThreadToken',
'GDI32.dll': 'ExtTextOutW',
'KERNEL32.dll': 'CloseHandle',
'OLEAUT32.dll': 'SysFreeString',
'POWRPROF.dll': 'GetPwrCapabilities',
'PROPSYS.dll': 'PropVariantToStringAlloc',
'RPCRT4.dll': 'RpcBindingFromStringBindingW',
'SHELL32.dll': 'SHCreateItemFromParsingName',
'SHLWAPI.dll': 'PathFindExtensionW',
'Secur32.dll': 'GetUserNameExW',
'USER32.dll': 'GetClassNameW',
'UxTheme.dll': 'IsThemeActive',
'dwmapi.dll': 'DwmUnregisterThumbnail',
'gdiplus.dll': 'GdipSetCompositingMode',
'msvcrt.dll': 'sin',
'ntdll.dll': 'NtQueryInformationProcess',
'ole32.dll': 'CoCreateFreeThreadedMarshaler',
'slc.dll': 'SLGetWindowsInformationDWORD'},
'ImportedFunctions': ['RegCreateKeyW',
'RegCloseKey',
'RegOpenKeyExW',
'RegGetValueW',
'EventWrite',
'EventEnabled',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'RegQueryValueExW',
'GetLengthSid',
'GetTokenInformation',
'OpenProcessToken',
'RegCreateKeyExW',
'RegSetValueExW',
'EventRegister',
'EventUnregister',
'TraceMessage',
'RegOpenKeyW',
'RegDeleteValueW',
'RegQueryInfoKeyW',
'RegEnumValueW',
'LsaOpenPolicy',
'GetSidSubAuthorityCount',
'LsaClose',
'IsValidSid',
'LsaFreeMemory',
'StartTraceW',
'EnableTraceEx',
'StopTraceW',
'CryptAcquireContextW',
'CryptCreateHash',
'CryptHashData',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptReleaseContext',
'StartServiceW',
'CreateWellKnownSid',
'RegEnumKeyExW',
'GetSidSubAuthority',
'LsaLookupSids',
'ConvertSidToStringSidW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'CheckTokenMembership',
'QueryServiceStatus',
'OpenSCManagerW',
'OpenServiceW',
'CloseServiceHandle',
'ConvertStringSidToSidW',
'OpenThreadToken',
'DelayLoadFailureHook',
'LoadLibraryExA',
'ReadFile',
'GetFileSize',
'CreateFileW',
'FlushInstructionCache',
'RaiseException',
'SetLastError',
'OpenThread',
'GetSystemTimeAsFileTime',
'GetLocaleInfoW',
'GetDateFormatW',
'GetTimeFormatW',
'GetLocalTime',
'MultiByteToWideChar',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetModuleHandleW',
'OpenEventW',
'InterlockedPopEntrySList',
'FindClose',
'FindNextFileW',
'GetLongPathNameW',
'SetProcessShutdownParameters',
'GetStartupInfoW',
'ReleaseMutex',
'CreateMutexW',
'InitializeCriticalSection',
'DeleteCriticalSection',
'VirtualAlloc',
'InterlockedPushEntrySList',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'TerminateProcess',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'VirtualFree',
'lstrcmpiW',
'CompareStringOrdinal',
'FindFirstFileW',
'SetErrorMode',
'CreateEventW',
'GetSystemDirectoryW',
'GetVersionExW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetUserDefaultUILanguage',
'WaitForSingleObject',
'SetTermsrvAppInstallMode',
'GetFileAttributesW',
'RegisterApplicationRestart',
'GlobalGetAtomNameW',
'ExpandEnvironmentStringsW',
'SystemTimeToFileTime',
'GetSystemTime',
'MulDiv',
'GetTickCount64',
'GetThreadPriority',
'LeaveCriticalSection',
'EnterCriticalSection',
'SetEvent',
'GetCurrentThread',
'SetThreadPriority',
'GetTickCount',
'GetUserDefaultLangID',
'ExitProcess',
'HeapDestroy',
'UnmapViewOfFile',
'MapViewOfFile',
'SearchPathW',
'GetDynamicTimeZoneInformation',
'GetTimeZoneInformation',
'GetBinaryTypeW',
'QueryPerformanceFrequency',
'QueueUserWorkItem',
'LoadLibraryExW',
'GetProductInfo',
'TerminateThread',
'CreateIoCompletionPort',
'GetQueuedCompletionStatus',
'LoadLibraryA',
'DeleteFileW',
'GetProcessId',
'GetModuleHandleA',
'GetWindowsDirectoryW',
'CompareStringW',
'lstrcmpA',
'CompareFileTime',
'QueryFullProcessImageNameW',
'CreateFileMappingW',
'ResetEvent',
'WideCharToMultiByte',
'GlobalFree',
'DuplicateHandle',
'GetCurrentDirectoryW',
'WaitForMultipleObjects',
'GetComputerNameW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrlenA',
'DeactivateActCtx',
'ActivateActCtx',
'ReleaseActCtx',
'CreateActCtxW',
'LockResource',
'LoadResource',
'FindResourceExW',
'HeapAlloc',
'HeapFree',
'GetProcessHeap',
'GetCurrentProcess',
'GetCommandLineW',
'GetPrivateProfileStringW',
'GetModuleFileNameW',
'CreateProcessW',
'lstrlenW',
'OpenProcess',
'LocalFree',
'LocalAlloc',
'QueryInformationJobObject',
'Sleep',
'CreateThread',
'SetPriorityClass',
'GetPriorityClass',
'ResumeThread',
'AssignProcessToJobObject',
'SetInformationJobObject',
'GetLastError',
'CreateJobObjectW',
'CloseHandle',
'LPtoDP',
'GetRgnBox',
'OffsetViewportOrgEx',
'GetStockObject',
'GdiFlush',
'CombineRgn',
'OffsetRgn',
'SetLayout',
'SetWindowOrgEx',
'StretchBlt',
'GetTextExtentPoint32W',
'CreatePen',
'Polyline',
'GetRegionData',
'GetTextColor',
'GetLayout',
'GetTextMetricsW',
'ExtCreateRegion',
'SetDIBits',
'SelectClipRgn',
'SetViewportOrgEx',
'GetViewportOrgEx',
'IntersectClipRect',
'GetClipRgn',
'CreateRectRgn',
'GetBkColor',
'PatBlt',
'CreateBitmap',
'SetBkMode',
'SetTextColor',
'SetBkColor',
'OffsetWindowOrgEx',
'CreateCompatibleBitmap',
'GetTextExtentPointW',
'GetClipBox',
'GetObjectW',
'GdiAlphaBlend',
'BitBlt',
'GetDeviceCaps',
'CreateFontIndirectW',
'CreateRectRgnIndirect',
'CreateCompatibleDC',
'CreateDIBSection',
'SelectObject',
'DeleteObject',
'DeleteDC',
'ExtTextOutW',
'CopyRect',
'SetRect',
'CreateWindowExW',
'DialogBoxParamW',
'GetClassInfoW',
'GetClassInfoExW',
'GetMenuItemInfoW',
'GetMenuItemCount',
'DefWindowProcW',
'ActivateKeyboardLayout',
'GetCursorPos',
'InsertMenuW',
'GetMenuStringW',
'SetMenuItemInfoW',
'InsertMenuItemW',
'IsChild',
'IsWinEventHookInstalled',
'IsProcessDPIAware',
'IsRectEmpty',
'UnionRect',
'GetClassLongW',
'SetClassLongW',
'GetGUIThreadInfo',
'GetDlgCtrlID',
'GetNextDlgGroupItem',
'GetNextDlgTabItem',
'MoveWindow',
'ChildWindowFromPointEx',
'GetWindowDC',
'CharUpperW',
'UnregisterClassW',
'FrameRect',
'WindowFromDC',
'SendMessageCallbackW',
'UpdateLayeredWindow',
'GetUserObjectInformationW',
'GetProcessWindowStation',
'GetThreadDesktop',
'ShowWindowAsync',
'BringWindowToTop',
'GetClassLongPtrW',
'GetIconInfo',
'RegisterShellHookWindow',
'DeregisterShellHookWindow',
'FlashWindowEx',
'SetThreadDesktop',
'EndTask',
'OpenInputDesktop',
'CloseDesktop',
'GetMenuState',
'IsZoomed',
'SetScrollInfo',
'GetScrollInfo',
'SetScrollPos',
'InternalGetWindowText',
'GetWindowInfo',
'GetCaretBlinkTime',
'SetLayeredWindowAttributes',
'GetLayeredWindowAttributes',
'GetUpdateRect',
'SetWindowsHookExW',
'UnhookWindowsHookEx',
'CallNextHookEx',
'SetFocus',
'GetAncestor',
'ReleaseCapture',
'GetDoubleClickTime',
'RegisterWindowMessageW',
'SetWindowTextW',
'SetWindowPlacement',
'SetRectEmpty',
'EnumDisplayMonitors',
'InflateRect',
'EqualRect',
'UpdateWindow',
'GetMonitorInfoW',
'MonitorFromPoint',
'MonitorFromRect',
'CharPrevW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'CreatePopupMenu',
'GetMenuDefaultItem',
'SendNotifyMessageW',
'LockSetForegroundWindow',
'ChangeWindowMessageFilterEx',
'IntersectRect',
'MonitorFromWindow',
'IsWindowVisible',
'GetForegroundWindow',
'EnumWindows',
'GetParent',
'IsWindow',
'TranslateAcceleratorW',
'WaitMessage',
'GetWindowTextW',
'GetClientRect',
'TrackPopupMenuEx',
'SetActiveWindow',
'GetKeyState',
'GhostWindowFromHungWindow',
'RegisterClassW',
'LoadCursorW',
'SubtractRect',
'RedrawWindow',
'BeginDeferWindowPos',
'DeferWindowPos',
'EndDeferWindowPos',
'InvalidateRect',
'OffsetRect',
'SendMessageTimeoutW',
'SetWindowRgn',
'UpdateLayeredWindowIndirect',
'GetWindowRgnBox',
'LoadImageW',
'GetWindowPlacement',
'SetForegroundWindow',
'GetLastInputInfo',
'RemovePropW',
'GetLastActivePopup',
'SwitchToThisWindow',
'MessageBeep',
'GetActiveWindow',
'GetFocus',
'SetCursor',
'UnregisterHotKey',
'RegisterHotKey',
'SendDlgItemMessageW',
'EndDialog',
'GetDesktopWindow',
'GetAsyncKeyState',
'ChildWindowFromPoint',
'SetCursorPos',
'GetMessagePos',
'BeginPaint',
'FillRect',
'DrawEdge',
'EndPaint',
'GetSystemMenu',
'EnableMenuItem',
'ExitWindowsEx',
'LoadIconW',
'DestroyIcon',
'IsIconic',
'DeleteMenu',
'CheckMenuItem',
'ModifyMenuW',
'WindowFromPoint',
'ClientToScreen',
'TrackPopupMenu',
'IsHungAppWindow',
'GetWindowThreadProcessId',
'AppendMenuW',
'CascadeWindows',
'TileWindows',
'LockWorkStation',
'ScreenToClient',
'RegisterClipboardFormatW',
'NotifyWinEvent',
'GetSysColor',
'DrawFocusRect',
'AdjustWindowRectEx',
'CopyIcon',
'MsgWaitForMultipleObjects',
'SetWinEventHook',
'RegisterClassExW',
'GetDlgItem',
'EnableWindow',
'GetDlgItemInt',
'SetDlgItemInt',
'IsDlgButtonChecked',
'IsWindowEnabled',
'CheckDlgButton',
'CallWindowProcW',
'SetCapture',
'DrawTextW',
'AdjustWindowRect',
'CalculatePopupWindowPosition',
'GetMessageExtraInfo',
'GetCapture',
'SetGestureConfig',
'DrawIconEx',
'RemoveMenu',
'SetMenuDefaultItem',
'LoadMenuW',
'GetSubMenu',
'AllowSetForegroundWindow',
'LoadAcceleratorsW',
'TrackMouseEvent',
'CharNextW',
'GetWindow',
'GetSysColorBrush',
'GetPropW',
'HungWindowFromGhostWindow',
'SetWindowCompositionAttribute',
'GetWindowLongW',
'MsgWaitForMultipleObjectsEx',
'EnumChildWindows',
'SendMessageW',
'PtInRect',
'GetKeyboardLayout',
'GetWindowRect',
'DestroyMenu',
'SystemParametersInfoW',
'ShowWindow',
'MapWindowPoints',
'SetTimer',
'SetPropW',
'KillTimer',
'SetWindowPos',
'GetWindowLongPtrW',
'PostQuitMessage',
'SetWindowLongPtrW',
'DestroyWindow',
'ShutdownBlockReasonCreate',
'LoadStringW',
'PostMessageW',
'PeekMessageW',
'ReleaseDC',
'GetDC',
'FindWindowW',
'GetSystemMetrics',
'GetShellWindow',
'GetClassNameW',
'_vsnwprintf',
'free',
'wcsstr',
'iswalpha',
'wcschr',
'realloc',
'_wcsicmp',
'cosf',
'_wtoi',
'memcmp',
'sqrt',
'ceil',
'bsearch',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'?terminate@@YAXXZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'memmove',
'memcpy',
'memset',
'_fmode',
'malloc',
'sin',
'WinSqmSetString',
'WinSqmSetDWORD',
'WinSqmAddToStreamEx',
'NtSetSystemInformation',
'WinSqmAddToStream',
'WinSqmEventEnabled',
'WinSqmIsOptedIn',
'NtSetInformationProcess',
'NtQueryInformationToken',
'NtOpenProcessToken',
'NtClose',
'NtOpenThreadToken',
'RtlGetProductInfo',
'EtwEventEnabled',
'EtwEventWrite',
'NtQueryInformationProcess',
'StrStrIW',
'AssocQueryStringW',
'PathQuoteSpacesW',
'SHDeleteKeyW',
'SHRegGetUSValueW',
'PathIsNetworkPathW',
'SHOpenRegStream2W',
'SHRegGetBoolUSValueW',
'SHStrDupW',
'StrChrIW',
'PathFileExistsW',
'PathGetDriveNumberW',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'SHRegGetValueW',
'ChrCmpIW',
'AssocQueryKeyW',
'PathStripPathW',
'PathIsRootW',
'PathParseIconLocationW',
'StrCmpIW',
'StrCmpW',
'PathIsPrefixW',
'SHCreateStreamOnFileW',
'SHQueryInfoKeyW',
'StrCmpNW',
'StrTrimW',
'PathStripToRootW',
'StrRetToBufW',
'PathCommonPrefixW',
'SHStrDupA',
'PathRemoveExtensionW',
'PathIsFileSpecW',
'AssocCreate',
'StrRetToStrW',
'StrToIntW',
'StrChrW',
'PathCombineW',
'SHCreateThreadRef',
'SHSetThreadRef',
'SHGetValueW',
'PathFindFileNameW',
'PathRemoveArgsW',
'PathRemoveBlanksW',
'StrCmpNIW',
'PathGetArgsW',
'SHSetValueW',
'SHDeleteValueW',
'PathAppendW',
'PathFindExtensionW',
'SHCreateDataObject',
'SHGetLocalizedName',
'Shell_GetCachedImageIndexW',
'SHGetStockIconInfo',
'SHGetPropertyStoreForWindow',
'SHGetSpecialFolderLocation',
'SHCreateItemWithParent',
'SHBindToFolderIDListParent',
'SHBindToFolderIDListParentEx',
'SHChangeNotify',
'SHGetFileInfoW',
'SHParseDisplayName',
'SHGetFolderLocation',
'SHGetSpecialFolderPathW',
'SHBindToObject',
'SHGetKnownFolderIDList',
'ShellExecuteExW',
'SHGetNameFromIDList',
'SHCreateShellItem',
'SHChangeNotifyRegisterThread',
'SHGetPathFromIDListW',
'SHFileOperationW',
'SHGetFolderPathEx',
'SHUpdateRecycleBinIcon',
'SHBindToParent',
'SHGetFolderPathW',
'SHGetPathFromIDListA',
'ShellExecuteW',
'SHEnableServiceObject',
'SHGetIDListFromObject',
'SHCreateItemFromIDList',
'SHAddToRecentDocs',
'Shell_NotifyIconW',
'Shell_NotifyIconGetRect',
'ExtractIconExW',
'SHEvaluateSystemCommandTemplate',
'SHCreateShellItemArrayFromIDLists',
'DragQueryFileW',
'SHGetKnownFolderPath',
'SHCreateShellItemArrayFromShellItem',
'SHCreateItemFromParsingName',
'CoInitializeEx',
'CLSIDFromString',
'CoGetMalloc',
'CoGetInterfaceAndReleaseStream',
'RevokeDragDrop',
'RegisterDragDrop',
'CoUninitialize',
'CoInitialize',
'CoMarshalInterThreadInterfaceInStream',
'CoFreeUnusedLibraries',
'CoRegisterMessageFilter',
'StringFromGUID2',
'OleUninitialize',
'OleInitialize',
'CoRevokeClassObject',
'CoRegisterClassObject',
'CoCreateInstance',
'CoTaskMemFree',
'CreateStreamOnHGlobal',
'ReleaseStgMedium',
'PropVariantClear',
'CreateBindCtx',
'CoTaskMemAlloc',
'CoCreateFreeThreadedMarshaler',
'VariantInit',
'VariantClear',
'SysAllocStringByteLen',
'SysAllocStringLen',
'SysAllocString',
'SysFreeString',
'GetThemeBackgroundExtent',
'GetThemeBackgroundRegion',
'GetThemeColor',
'IsThemePartDefined',
'GetThemeRect',
'DrawThemeIcon',
'GetBufferedPaintBits',
'BufferedPaintClear',
'IsAppThemed',
'IsCompositionActive',
'OpenThemeData',
'CloseThemeData',
'SetWindowTheme',
'GetThemeMetric',
'DrawThemeBackground',
'GetThemeTextExtent',
'DrawThemeText',
'GetThemeBool',
'DrawThemeParentBackground',
'GetWindowTheme',
'GetThemeBackgroundContentRect',
'GetThemePartSize',
'BeginBufferedPaint',
'DrawThemeTextEx',
'EndBufferedPaint',
'GetThemeMargins',
'BufferedPaintInit',
'BufferedPaintUnInit',
'IsThemeActive',
'CallNtPowerInformation',
'PowerDeterminePlatformRole',
'GetPwrCapabilities',
'DwmEnableBlurBehindWindow',
'DwmSetWindowAttribute',
'DwmIsCompositionEnabled',
'DwmQueryThumbnailSourceSize',
'DwmUpdateThumbnailProperties',
'DwmUnregisterThumbnail',
'SLGetWindowsInformationDWORD',
'GdipSetInterpolationMode',
'GdipDrawImageRectI',
'GdipCloneImage',
'GdipGetImageWidth',
'GdipGetImageHeight',
'GdipCreateBitmapFromHBITMAP',
'GdiplusStartup',
'GdiplusShutdown',
'GdipFree',
'GdipAlloc',
'GdipDisposeImage',
'GdipCreateFromHDC',
'GdipDeleteGraphics',
'GdipSetCompositingMode',
'GetUserNameExW',
'NdrClientCall3',
'I_RpcExceptionFilter',
'RpcStringFreeW',
'RpcBindingFree',
'RpcBindingSetAuthInfoExW',
'RpcStringBindingComposeW',
'RpcBindingFromStringBindingW',
'PSCreateMemoryPropertyStore',
'VariantToStringAlloc',
'VariantToStringWithDefault',
'PropVariantToString',
'VariantToBooleanWithDefault',
'PropVariantToInt64',
'VariantToInt32WithDefault',
'PropVariantToBoolean',
'PropVariantToUInt64',
'PropVariantToUInt32',
'PropVariantToStringAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 19,
'NumberOfImportFunctions': 703,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1846824,
'SectionNames': {'.data\x00\x00\x00': 14848,
'.pdata\x00\x00': 52736,
'.rdata\x00\x00': 191488,
'.reloc\x00\x00': 10240,
'.rsrc\x00\x00\x00': 1847296,
'.text\x00\x00\x00': 752128},
'StackReserveSize': 524288,
'filename': './data/malware/5556dedde7d7dc3b27850c53031c2b9f918d6ff410840665f54db122042475a7'},
'557d9a047e5edf21f90cd56f7bebef8ba4f0a279e1e2dd8e6ebb95991cfb7e4b': {'AddressOfEntryPoint': 34988,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/557d9a047e5edf21f90cd56f7bebef8ba4f0a279e1e2dd8e6ebb95991cfb7e4b'},
'561c898e605592b99a76c372be03280972b9ec28aa08af8eef1231968725a456': {'AddressOfEntryPoint': 52012,
'DebugRVA': 140480,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 139264,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'SetSecurityInfo',
'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'DispatchMessageA'},
'ImportedFunctions': ['GetVersionExA',
'GetLastError',
'WaitForMultipleObjects',
'ReleaseMutex',
'ReleaseSemaphore',
'LocalFree',
'WaitForSingleObject',
'LocalAlloc',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'GetProcessHeap',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'HeapFree',
'ExitThread',
'CreateThread',
'WriteConsoleW',
'GetFileType',
'GetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'HeapReAlloc',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'InitializeCriticalSectionAndSpinCount',
'GetLocaleInfoW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'OpenProcess',
'OpenEventA',
'ResetEvent',
'Sleep',
'CreateFileA',
'CloseHandle',
'SetEvent',
'GetCurrentProcessId',
'GetTickCount',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TerminateProcess',
'EnterCriticalSection',
'SetWindowsHookExA',
'UnhookWindowsHookEx',
'MsgWaitForMultipleObjectsEx',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'InitializeAcl',
'SetSecurityInfo'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 105,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1832,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 40960,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 132096},
'StackReserveSize': 1048576,
'filename': './data/malware/561c898e605592b99a76c372be03280972b9ec28aa08af8eef1231968725a456'},
'56980b78247805c214ba8a5adaff6018b8ad740c2a5b3a5c8d50b0a676d0c8aa': {'AddressOfEntryPoint': 81056,
'DebugRVA': 165872,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 163840,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryInfoKeyW',
'KERNEL32.dll': 'FlushFileBuffers',
'SHELL32.dll': 'SHGetFolderPathW',
'SHLWAPI.dll': 'PathStripPathW',
'USER32.dll': 'MessageBoxW',
'USERENV.dll': 'UnloadUserProfile'},
'ImportedFunctions': ['GetSecurityDescriptorLength',
'GetSecurityDescriptorControl',
'GetSecurityDescriptorGroup',
'GetSecurityDescriptorDacl',
'MakeSelfRelativeSD',
'GetSecurityDescriptorOwner',
'GetSecurityDescriptorSacl',
'TraceEvent',
'UnregisterTraceGuids',
'RegisterTraceGuidsW',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'GetTraceLoggerHandle',
'InitializeSid',
'GetSidLengthRequired',
'RegQueryValueExW',
'GetLengthSid',
'AddAce',
'CopySid',
'InitializeAcl',
'IsValidSid',
'GetSidSubAuthority',
'SetNamedSecurityInfoW',
'RegOpenKeyExW',
'GetAce',
'GetAclInformation',
'SetSecurityDescriptorDacl',
'OpenProcessToken',
'MakeAbsoluteSD',
'EqualSid',
'GetTokenInformation',
'SetSecurityDescriptorOwner',
'SetSecurityDescriptorGroup',
'InitializeSecurityDescriptor',
'OpenThreadToken',
'ConvertSidToStringSidW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'RegCloseKey',
'RegCreateKeyExW',
'RegSetValueExW',
'RegEnumKeyExW',
'RegQueryInfoKeyW',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'HeapSize',
'GetProcessHeap',
'GetStartupInfoW',
'RtlUnwindEx',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlPcToFileHeader',
'FlsGetValue',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThread',
'FlsAlloc',
'Sleep',
'GetModuleFileNameW',
'FreeEnvironmentStringsA',
'MultiByteToWideChar',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'FreeLibrary',
'LoadLibraryA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'WideCharToMultiByte',
'GetStringTypeA',
'GetStringTypeW',
'LCMapStringA',
'LCMapStringW',
'CreateEventW',
'CreateMutexW',
'GetPrivateProfileIntW',
'GetPrivateProfileStringW',
'OutputDebugStringW',
'ReleaseMutex',
'lstrcmpW',
'SetFilePointer',
'GetLocalTime',
'WaitForSingleObject',
'lstrcmpiW',
'CreateFileW',
'OutputDebugStringA',
'RemoveDirectoryW',
'LocalFree',
'LoadLibraryW',
'GetEnvironmentVariableW',
'CreateDirectoryW',
'DuplicateHandle',
'GetModuleHandleW',
'RegisterWaitForSingleObject',
'UnregisterWaitEx',
'GetVersionExW',
'lstrcpynW',
'HeapDestroy',
'GetFileAttributesExW',
'MoveFileExW',
'DeleteCriticalSection',
'ReadFile',
'TryEnterCriticalSection',
'SetEvent',
'ResetEvent',
'VirtualQuery',
'GetTempPathW',
'VerifyVersionInfoW',
'OpenProcess',
'VerSetConditionMask',
'ReadProcessMemory',
'CreateProcessW',
'GlobalAlloc',
'GlobalLock',
'GlobalUnlock',
'GlobalFree',
'GetThreadLocale',
'UnregisterWait',
'DisconnectNamedPipe',
'CreateNamedPipeW',
'ConnectNamedPipe',
'GetOverlappedResult',
'QueueUserWorkItem',
'WritePrivateProfileStringW',
'CloseHandle',
'LoadResource',
'GetCurrentThreadId',
'SetProcessWorkingSetSize',
'LockResource',
'GetLastError',
'FindResourceExW',
'SizeofResource',
'RaiseException',
'FindResourceW',
'TerminateProcess',
'GetCurrentProcess',
'CreateFileA',
'SetStdHandle',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'GetConsoleMode',
'GetConsoleCP',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'lstrlenW',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSection',
'GetVersionExA',
'FlushFileBuffers',
'wvsprintfW',
'CloseClipboard',
'SetClipboardData',
'EmptyClipboard',
'OpenClipboard',
'CharLowerW',
'UnregisterClassA',
'wsprintfW',
'DispatchMessageW',
'GetMessageW',
'PeekMessageW',
'PostThreadMessageW',
'MessageBoxW',
'SHGetFolderPathW',
'PathRemoveFileSpecW',
'PathRemoveExtensionW',
'PathCanonicalizeW',
'PathAppendW',
'PathIsRelativeW',
'SHQueryValueExW',
'PathStripPathW',
'UnloadUserProfile'],
'LinkerVersion': 8,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 200,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 12520,
'SectionNames': {'.data\x00\x00\x00': 8704,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 36352,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 12800,
'.text\x00\x00\x00': 157696},
'StackReserveSize': 1048576,
'filename': './data/malware/56980b78247805c214ba8a5adaff6018b8ad740c2a5b3a5c8d50b0a676d0c8aa'},
'56c4084f1c6cc2d8e4e9a65940ce6e5c8b9d0ab403e4941c12bda6d6f94cb472': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1107744,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1107968,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/56c4084f1c6cc2d8e4e9a65940ce6e5c8b9d0ab403e4941c12bda6d6f94cb472'},
'56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 671640,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 671744,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b'},
'576839e1a2f2eafe7032d9d5363a2040de9c3daa4ed3f777568bc4986e76fe52': {'AddressOfEntryPoint': 1073785241,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'DIFXAPI.dll': 'DIFXAPISetLogCallbackA',
'KERNEL32.dll': 'InitializeCriticalSectionAndSpinCount',
'SETUPAPI.dll': 'SetupDiDestroyDeviceInfoList'},
'ImportedFunctions': ['GetEnvironmentVariableA',
'GetFullPathNameA',
'CreateFileA',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'FlushFileBuffers',
'HeapReAlloc',
'SetEndOfFile',
'WriteFile',
'CloseHandle',
'WriteConsoleW',
'GetLastError',
'GetCommandLineA',
'HeapFree',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'EnterCriticalSection',
'LeaveCriticalSection',
'LCMapStringA',
'WideCharToMultiByte',
'MultiByteToWideChar',
'LCMapStringW',
'GetModuleHandleW',
'Sleep',
'GetProcAddress',
'ExitProcess',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapSize',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_Device_ID_ExA',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetClassDevsA',
'SetupDiEnumDeviceInfo',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiDestroyDeviceInfoList',
'DriverPackagePreinstallA',
'DriverPackageInstallA',
'DriverPackageGetPathA',
'DIFXAPISetLogCallbackA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 87,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'StackReserveSize': 1048576,
'filename': './data/malware/576839e1a2f2eafe7032d9d5363a2040de9c3daa4ed3f777568bc4986e76fe52'},
'579989ee80b64d29aedf108a93ad5efe1f1ece2d331a737278d8a51d43673a32': {'AddressOfEntryPoint': 105679,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 98976,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'FLTMGR.SYS': 'FltGetVolumeContext',
'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['RtlCompareUnicodeString',
'RtlCopyUnicodeString',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'ExQueryDepthSList',
'PsLookupProcessByProcessId',
'KeResetEvent',
'IoIs32bitProcess',
'KeWaitForSingleObject',
'ExAcquireResourceSharedLite',
'KeDelayExecutionThread',
'PsCreateSystemThread',
'PsTerminateSystemThread',
'ZwClose',
'KeBugCheckEx',
'RtlAppendUnicodeToString',
'strstr',
'strncmp',
'PsGetCurrentProcessId',
'PsGetCurrentThreadId',
'RtlFreeAnsiString',
'_vsnprintf',
'FsRtlIsNameInExpression',
'RtlUnicodeStringToAnsiString',
'IoThreadToProcess',
'ExDeleteNPagedLookasideList',
'ExInitializeResourceLite',
'ObfDereferenceObject',
'ExDeleteResourceLite',
'ExReleaseResourceLite',
'IoGetCurrentProcess',
'wcsstr',
'IoVolumeDeviceToDosName',
'KeEnterCriticalRegion',
'PsSetCreateProcessNotifyRoutine',
'PsSetCreateThreadNotifyRoutine',
'KeInitializeEvent',
'RtlInitUnicodeString',
'PsRemoveCreateThreadNotifyRoutine',
'ExInitializeNPagedLookasideList',
'KeLeaveCriticalRegion',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'KeSetEvent',
'ExAcquireResourceExclusiveLite',
'__C_specific_handler',
'_local_unwind',
'FltParseFileNameInformation',
'FltReleaseFileNameInformation',
'FltGetFileNameInformation',
'FltIsDirectory',
'FltCancelFileOpen',
'FltSetVolumeContext',
'FltStartFiltering',
'FltRegisterFilter',
'FltBuildDefaultSecurityDescriptor',
'FltGetVolumeName',
'FltCloseCommunicationPort',
'FltUnregisterFilter',
'FltAllocateContext',
'FltReleaseContext',
'FltFreeSecurityDescriptor',
'FltGetVolumeProperties',
'FltGetDiskDeviceObject',
'FltCreateCommunicationPort',
'FltCloseClientPort',
'FltGetVolumeContext',
'DbgPrint',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 9,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 77,
'NumberOfSections': 11,
'OSVersion': 6,
'ResSize': 944,
'SectionNames': {'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 28672,
'.vmp0\x00\x00\x00': 512,
'.vmp1\x00\x00\x00': 5120,
'.vmp2\x00\x00\x00': 19456,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 8704},
'StackReserveSize': 262144,
'filename': './data/malware/579989ee80b64d29aedf108a93ad5efe1f1ece2d331a737278d8a51d43673a32'},
'5896d527fecbe9b1068b5e6804769afb6208e771fb9870d6357d60f56855d3d1': {'AddressOfEntryPoint': 128604,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 626688,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetAclInformation',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAccessData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'EnumWindows',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Destroy',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_ReplaceIcon',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'WaitForSingleObject',
'HeapFree',
'GetProcessHeap',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'CreateThread',
'GetLocalTime',
'CompareStringW',
'CompareStringA',
'WriteFile',
'GetStdHandle',
'CreatePipe',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetProcAddress',
'LoadLibraryW',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'InitializeCriticalSectionAndSpinCount',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'SetStdHandle',
'LCMapStringW',
'LCMapStringA',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'OutputDebugStringW',
'SetEnvironmentVariableA',
'IsCharAlphaNumericW',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'OpenClipboard',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'keybd_event',
'VkKeyScanA',
'GetKeyboardLayoutNameA',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'GetClipboardData',
'TrackPopupMenuEx',
'IsClipboardFormatAvailable',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'BlockInput',
'GetMessageW',
'LockWindowUpdate',
'SystemParametersInfoW',
'DispatchMessageW',
'EnumWindows',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'LineTo',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetSecurityDescriptorDacl',
'GetAce',
'AddAce',
'GetAclInformation',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'VarR8FromDec',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'SafeArrayAccessData'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 17920,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 87552,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 621056},
'StackReserveSize': 4194304,
'filename': './data/malware/5896d527fecbe9b1068b5e6804769afb6208e771fb9870d6357d60f56855d3d1'},
'58a3305e60e836d22e5b0bb68850b92d6077e74c30b0152625052b0680b95c88': {'AddressOfEntryPoint': 496226,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 409626,
'ExportSize': 3152,
'IATRVA': 494840,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'IsTextUnicode',
'COMCTL32.dll': 'PropertySheetW',
'COMDLG32.dll': 'GetSaveFileNameW',
'GDI32.dll': 'SetAbortProc',
'KERNEL32.dll': 'ExitProcess',
'OLEAUT32.dll': 'SysAllocString',
'SHELL32.dll': 'ShellAboutW',
'SHLWAPI.dll': 'SHStrDupW',
'USER32.dll': 'MessageBoxW',
'VERSION.dll': 'VerQueryValueW',
'WINSPOOL.DRV': 'GetPrinterDriverW',
'msvcrt.dll': '_commode',
'ntdll.dll': 'RtlLookupFunctionEntry',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['IsTextUnicode',
'LoadLibraryW',
'SetAbortProc',
'ReleaseDC',
'_commode',
'GetSaveFileNameW',
'ShellAboutW',
'GetPrinterDriverW',
'CoTaskMemFree',
'SHStrDupW',
'PropertySheetW',
'SysAllocString',
'RtlLookupFunctionEntry',
'VerQueryValueW',
'MessageBoxW',
'GetModuleFileNameW',
'GetModuleHandleA',
'LoadLibraryA',
'LocalAlloc',
'LocalFree',
'GetModuleFileNameA',
'ExitProcess'],
'LinkerVersion': 9,
'NumberOfImportDLL': 17,
'NumberOfImportFunctions': 22,
'NumberOfSections': 10,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 12800,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 127488,
'.text\x00\x00\x00': 43008,
'.tls\x00\x00\x00\x00': 512,
'.vmp0\x00\x00\x00': 512,
'.vmp1\x00\x00\x00': 196096,
'.vmp2\x00\x00\x00': 105472},
'StackReserveSize': 524288,
'filename': './data/malware/58a3305e60e836d22e5b0bb68850b92d6077e74c30b0152625052b0680b95c88'},
'58d409bea05dd325ce5a2db1b46db3c9b8ee1cd495928fd5477a0f7e054231a7': {'AddressOfEntryPoint': 43824,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegEnumKeyExA',
'KERNEL32.dll': 'HeapCreate',
'OLEAUT32.dll': 'SysAllocString',
'RPCRT4.dll': 'UuidFromStringA',
'SHELL32.dll': 'SHGetSpecialFolderPathA',
'USER32.dll': 'LoadStringA',
'ole32.dll': 'GetRunningObjectTable'},
'ImportedFunctions': ['CreateThread',
'CreateEventA',
'lstrlenW',
'MultiByteToWideChar',
'GetModuleHandleA',
'GetModuleFileNameA',
'lstrcmpiA',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'GetCurrentThreadId',
'GetCommandLineA',
'FreeLibrary',
'GetSystemDirectoryA',
'GetSystemWow64DirectoryA',
'GetProcAddress',
'LoadLibraryExA',
'LoadLibraryA',
'GetStringTypeW',
'SetEvent',
'LCMapStringW',
'LCMapStringA',
'GetCPInfo',
'lstrlenA',
'DeleteCriticalSection',
'InitializeCriticalSection',
'GetLastError',
'WideCharToMultiByte',
'__C_specific_handler',
'VirtualQuery',
'GetSystemInfo',
'GetOEMCP',
'GetACP',
'IsBadCodePtr',
'IsBadWritePtr',
'IsBadReadPtr',
'GetLocaleInfoA',
'SetUnhandledExceptionFilter',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'UnhandledExceptionFilter',
'GetStdHandle',
'WriteFile',
'ExitProcess',
'VirtualAlloc',
'VirtualProtect',
'GetVersionExA',
'WaitForSingleObject',
'GetStringTypeA',
'CloseHandle',
'HeapAlloc',
'HeapFree',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapSetInformation',
'HeapCreate',
'PostThreadMessageA',
'GetMessageA',
'DispatchMessageA',
'CharUpperA',
'CharNextA',
'LoadStringA',
'RegConnectRegistryA',
'RegCloseKey',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegSetValueExA',
'RegDeleteKeyA',
'RegEnumKeyExA',
'SHGetSpecialFolderPathA',
'StringFromCLSID',
'CreateItemMoniker',
'CoInitialize',
'CoUninitialize',
'CoTaskMemFree',
'GetRunningObjectTable',
'SysFreeString',
'LoadRegTypeLib',
'SysStringLen',
'SysAllocStringLen',
'SysAllocString',
'UuidFromStringA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 90,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 1080,
'SectionNames': {'.data\x00\x00\x00': 2560,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 16384,
'.rsrc\x00\x00\x00': 29184,
'.text\x00\x00\x00': 39936,
'vyigban\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/58d409bea05dd325ce5a2db1b46db3c9b8ee1cd495928fd5477a0f7e054231a7'},
'590766c37733bb55dba7ca9eb2c8d186bd18b2c8e6cff1bd49cdc6652f884162': {'AddressOfEntryPoint': 1073810685,
'DebugRVA': 46176,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyA',
'KERNEL32.dll': 'GetVersionExA',
'MSVCR80.dll': '_CxxThrowException',
'OLEAUT32.dll': 'SysFreeString',
'USER32.dll': 'CreateWindowExA',
'bthprops.cpl': 'BluetoothFindFirstRadio',
'ole32.dll': 'CoTaskMemAlloc'},
'ImportedFunctions': ['BluetoothFindRadioClose',
'BluetoothFindFirstRadio',
'GetLastError',
'EnterCriticalSection',
'DeviceIoControl',
'DeleteCriticalSection',
'OutputDebugStringA',
'CloseHandle',
'GetTickCount',
'OpenEventA',
'WideCharToMultiByte',
'FindResourceA',
'lstrlenA',
'FreeLibrary',
'LoadResource',
'SizeofResource',
'IsDBCSLeadByte',
'MultiByteToWideChar',
'RaiseException',
'lstrcmpiA',
'GetModuleFileNameA',
'GetModuleHandleA',
'LoadLibraryExA',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'Sleep',
'LeaveCriticalSection',
'CreateEventA',
'InitializeCriticalSection',
'SetEvent',
'WaitForSingleObject',
'CreateFileA',
'GetACP',
'GetLocaleInfoA',
'lstrlenW',
'GetThreadLocale',
'GetVersionExA',
'UnregisterClassA',
'CharNextA',
'DefWindowProcA',
'SetTimer',
'PostQuitMessage',
'KillTimer',
'RegisterDeviceNotificationA',
'MsgWaitForMultipleObjects',
'RegisterClassA',
'UnregisterDeviceNotification',
'PostMessageA',
'EnumWindows',
'GetClassNameA',
'DispatchMessageA',
'TranslateMessage',
'PeekMessageA',
'CreateWindowExA',
'RegEnumKeyExA',
'RegSetValueExA',
'RegCloseKey',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCreateKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'RegDeleteKeyA',
'CoTaskMemFree',
'CoTaskMemRealloc',
'CoCreateInstance',
'CoUninitialize',
'CoInitialize',
'CoTaskMemAlloc',
'VarUI4FromStr',
'SysFreeString',
'__crt_debugger_hook',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'__CxxFrameHandler3',
'memcpy',
'memset',
'_fmode',
'__set_app_type',
'_commode',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'vsprintf',
'free',
'malloc',
'??3@YAXPEAX@Z',
'_mbsnbicmp',
'??2@YAPEAX_K@Z',
'_vsnprintf',
'sprintf',
'_mbsicmp',
'??_U@YAPEAX_K@Z',
'_resetstkoflw',
'_mbsnbcpy_s',
'_recalloc',
'??_V@YAXPEAX@Z',
'memcpy_s',
'?terminate@@YAXXZ',
'__C_specific_handler',
'_unlock',
'_encode_pointer',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'_amsg_exit',
'__getmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'__initenv',
'_initterm',
'_CxxThrowException'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 124,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1644,
'StackReserveSize': 1048576,
'filename': './data/malware/590766c37733bb55dba7ca9eb2c8d186bd18b2c8e6cff1bd49cdc6652f884162'},
'5911a5e7e9526333140815ed2d8b0ca8c3afb90e0750f31ee70099549b8a1f7f': {'AddressOfEntryPoint': 6128,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 28672,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'KERNEL32.dll': 'VirtualQuery',
'USER32.dll': 'wsprintfA',
'VERSION.dll': 'GetFileVersionInfoSizeA'},
'ImportedFunctions': ['GetWindowsDirectoryA',
'GetProcessHeap',
'HeapAlloc',
'WinExec',
'HeapFree',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'GetVersionExA',
'GetStartupInfoA',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'TlsAlloc',
'SetLastError',
'GetLastError',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'RtlUnwindEx',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'LeaveCriticalSection',
'EnterCriticalSection',
'Sleep',
'LoadLibraryA',
'InitializeCriticalSection',
'GetLocaleInfoA',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'wsprintfA',
'RegSetValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 68,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 3584,
'.pdata\x00\x00': 12288,
'.rdata\x00\x00': 9216,
'.text\x00\x00\x00': 22016},
'StackReserveSize': 1048576,
'filename': './data/malware/5911a5e7e9526333140815ed2d8b0ca8c3afb90e0750f31ee70099549b8a1f7f'},
'59399e56b27987c50e4320ef3b805efb8b2d76463f3084becca90830f3c59b51': {'AddressOfEntryPoint': 52012,
'DebugRVA': 140480,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 139264,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'DispatchMessageA'},
'ImportedFunctions': ['GetVersionExA',
'GetLastError',
'WaitForMultipleObjects',
'ReleaseMutex',
'ReleaseSemaphore',
'LocalFree',
'WaitForSingleObject',
'LocalAlloc',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'GetProcessHeap',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'HeapFree',
'ExitThread',
'CreateThread',
'WriteConsoleW',
'GetFileType',
'GetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSetI',
'OpenProcess',
'OpenEventA',
'ResetEvent',
'Sleep',
'CreateFileA',
'CloseHandle',
'SetEvent',
'GetCurrentProcessId',
'GetTickCount',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TerminateProcess',
'EnterCriticalSection',
'SetWindowsHookExA',
'UnhookWindowsHookEx',
'MsgWaitForMultipleObjectsEx',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 80,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1840,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 40960,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 132096},
'StackReserveSize': 1048576,
'filename': './data/malware/59399e56b27987c50e4320ef3b805efb8b2d76463f3084becca90830f3c59b51'},
'59545ef5eb03e6eb4b43a9d329d8d43617dd8b146c59203895148bd1b233deee': {'AddressOfEntryPoint': 408080,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 409336,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['PsGetVersion',
'PsGetCurrentThreadId',
'PsGetCurrentProcessId',
'__C_specific_handler',
'ProbeForWrite',
'KeDelayExecutionThread',
'ProbeForRead',
'_wcsnicmp',
'_stricmp',
'RtlDeleteRegistryValue',
'strstr',
'strrchr',
'strncpy',
'_strnicmp',
'PsDereferencePrimaryToken',
'RtlEqualSid',
'SeQueryInformationToken',
'PsReferencePrimaryToken',
'PsGetProcessWin32Process',
'IoGetCurrentProcess',
'PsSetCreateProcessNotifyRoutine',
'RtlInitUnicodeString',
'IofCompleteRequest',
'__chkstk',
'IoCreateSymbolicLink',
'IoCreateDevice',
'PsSetLoadImageNotifyRoutine',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'ZwClose',
'ZwCreateFile',
'KeQueryTimeIncrement',
'KeInitializeEvent',
'ZwQuerySystemInformation',
'MmIsAddressValid',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'_vsnwprintf',
'_wcsicmp',
'ZwOpenFile',
'MmUnmapViewInSystemSpace',
'MmMapViewInSystemSpace',
'MmCreateSection',
'PsGetProcessInheritedFromUniqueProcessId',
'ObReferenceObjectByHandle',
'PsGetProcessImageFileName',
'ObQueryNameString',
'IoGetDeviceObjectPointer',
'KeStackAttachProcess',
'KeUnstackDetachProcess',
'PsGetProcessCreateTimeQuadPart',
'ZwQuerySymbolicLinkObject',
'ZwOpenSymbolicLinkObject',
'ZwQueryInformationProcess',
'PsIsThreadTerminating',
'MmGetSystemRoutineAddress',
'PsGetProcessId',
'PsGetThreadProcess',
'ZwOpenProcess',
'ZwOpenDirectoryObject',
'RtlAppendUnicodeStringToString',
'tolower',
'strchr',
'PsLookupProcessByProcessId',
'ObOpenObjectByPointer',
'PsGetProcessSectionBaseAddress',
'ZwOpenProcessTokenEx',
'wcschr',
'RtlCompareUnicodeString',
'ZwQueryObject',
'wcsncpy',
'IoQueryFileDosDeviceName',
'wcsrchr',
'PsGetCurrentThreadPreviousMode',
'PsLookupThreadByThreadId',
'PsGetCurrentProcessSessionId',
'IoFreeMdl',
'MmMapLockedPages',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'CmRegisterCallback',
'PsGetThreadTeb',
'RtlNtStatusToDosError',
'PsGetProcessPeb',
'RtlFreeUnicodeString',
'RtlWriteRegistryValue',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlCreateUnicodeString',
'RtlQueryRegistryValues',
'RtlPrefixUnicodeString',
'ZwQueryValueKey',
'ZwOpenKey',
'ZwSetInformationProcess',
'RtlLengthSid',
'ZwAssignProcessToJobObject',
'ZwSetInformationJobObject',
'ZwCreateJobObject',
'PsGetProcessJob',
'ZwTerminateProcess',
'RtlAddAccessAllowedAceEx',
'RtlAddAce',
'RtlCreateAcl',
'RtlGetAce',
'ZwSetSecurityObject',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'ZwQuerySecurityObject',
'SeTokenIsRestricted',
'SeFilterToken',
'ObfReferenceObject',
'ZwCreateKey',
'ZwEnumerateValueKey',
'ZwSetValueKey',
'ZwDeleteValueKey',
'RtlCompareMemory',
'RtlAppendUnicodeToString',
'RtlFormatCurrentUserKeyPath',
'ExAllocatePoolWithTag',
'KeBugCheckEx',
'ExFreePoolWithTag',
'ZwConnectPort',
'LpcRequestWaitReplyPort',
'LpcRequestPort',
'ObfDereferenceObject',
'ZwQueryInformationToken',
'_vsnprintf',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 138,
'NumberOfSections': 11,
'OSVersion': 5,
'ResSize': 1024,
'SectionNames': {'.Shltr0\x00': 0,
'.Shltr1\x00': 1024,
'.Shltr2\x00': 0,
'.Shltr3\x00': 169472,
'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 0,
'INIT\x00\x00\x00\x00': 0},
'StackReserveSize': 262144,
'filename': './data/malware/59545ef5eb03e6eb4b43a9d329d8d43617dd8b146c59203895148bd1b233deee'},
'5976f122d6529e5ae60eec259a850fcf56e6c8820954e2579893aef5ae3352b7': {'AddressOfEntryPoint': 237568,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 0,
'ImageBase': 5368709120,
'ImageVersion': 4,
'ImportedDLL': {'GDI32.dll': 'GetBkColor',
'KERNEL32.dll': 'VirtualAlloc'},
'ImportedFunctions': ['GetBkColor',
'VirtualAlloc'],
'LinkerVersion': 4,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 2,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 972,
'SectionNames': {'.edata\x00\x00': 97280,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 9216},
'StackReserveSize': 3145728,
'filename': './data/malware/5976f122d6529e5ae60eec259a850fcf56e6c8820954e2579893aef5ae3352b7'},
'59c232ac9a7c1893fe374c4833fa8b5962576fc4ef31e663c0782ab1cfcb4220': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1054500,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1054720,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/59c232ac9a7c1893fe374c4833fa8b5962576fc4ef31e663c0782ab1cfcb4220'},
'59c2a6a2f007d06bb1ccde6cfb34444764899c2d2c86501058cad75c3f9724d2': {'AddressOfEntryPoint': 206560,
'DebugRVA': 136704,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 135168,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'ksecdd.sys': 'BCryptGetProperty',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['qsort',
'NtQuerySystemInformation',
'KeAcquireGuardedMutex',
'RtlInitUnicodeString',
'KeSetEvent',
'FsRtlGetVirtualDiskNestingLevel',
'KeInitializeEvent',
'ZwSetValueKey',
'KeInitializeDpc',
'ZwQuerySystemInformation',
'ExReleaseRundownProtection',
'KeReleaseSpinLock',
'ExReleaseSpinLockExclusive',
'ExInitializeRundownProtection',
'KeEnterCriticalRegion',
'KeInitializeTimer',
'KeReleaseGuardedMutex',
'KeDelayExecutionThread',
'PsCreateSystemThread',
'MmMapLockedPagesSpecifyCache',
'ZwQueryValueKey',
'KeQueryTimeIncrement',
'ZwClose',
'KeWaitForSingleObject',
'bsearch',
'KeSetTimer',
'ExRundownCompleted',
'EtwWriteEx',
'ExReInitializeRundownProtection',
'ObfDereferenceObject',
'MmFreePagesFromMdl',
'KeCancelTimer',
'KeQueryPriorityThread',
'IoGetIoPriorityHint',
'ZwOpenKey',
'KeAcquireSpinLockRaiseToDpc',
'IoReuseIrp',
'IoGetLowerDeviceObject',
'EtwUnregister',
'ExfAcquirePushLockExclusive',
'InFeuRematedDeviceObject',
'IoDeleteDevice',
'RtlSetAllBits',
'EtwRegister',
'IoSetThreadHardErrorMode',
'IoDetachDevice',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLockFromDpcLevel',
'RtlSetBit',
'ExfReleasePushLockShared',
'ZwSetInformationFile',
'KeSetTimerEx',
'IoForwardIrpSynchronously',
'ObQueryNameString',
'IoFileObjectType',
'ExReleaseSpinLockExclusiveFromDpcLevel',
'MmSizeOfMdl',
'RtlAreBitsSet',
'ExfAcquirePushLockShared',
'ExEventObjectType',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoGetDeviceAttachmentBaseRef',
'ExfTryToWakePushLock',
'ZwQueryVolumeInformationFile',
'ObReferenceObjectByHandle',
'ObCloseHandle',
'IoFreeIrp',
'PsInitialSystemProcess',
'MmProbeAndLockPages',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoGetStackLimits',
'IoAllocateIrp',
'MmUnlockPages',
'ExAcquireSpinLockExclusiveAtDpcLevel',
'ExAcquireSpinLockShared',
'ObfReferenceObject',
'IoCreateDevice',
'RtlFindNextForwardRunClear',
'RtlClearBits',
'KeWaitForMultipleObjects',
'KeAcquireSpinLockAtDpcLevel',
'ExReleaseSpinLockSharedFromDpcLevel',
'ExAcquireSpinLockSharedAtDpcLevel',
'IofCallDriver',
'RtlAreBitsClear',
'MmUnmapLockedPages',
'KdDebuggerEnabled',
'KeBugCheckEx',
'DbgPrint',
'IoSetIoPriorityHint',
'KeInitializeGuardedMutex',
'KeLeaveCriticalRegion',
'MmGetSystemRoutineAddress',
'ZwSetSecurityObject',
'IoDeviceObjectType',
'ObOpenObjectByPointer',
'_snwprintf',
'RtlLengthSecurityDescriptor',
'SeCaptureSecurityDescriptor',
'RtlGetSaclSecurityDescriptor',
'RtlGetGroupSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'RtlGetOwnerSecurityDescriptor',
'wcschr',
'_wcsnicmp',
'RtlSetDaclSecurityDescriptor',
'RtlAddAccessAllowedAce',
'RtlAbsoluteToSelfRelativeSD',
'IoIsWdmVersionAvailable',
'SeExports',
'RtlLengthSid',
'RtlCreateSecurityDescriptor',
'ZwCreateKey',
'RtlFreeUnicodeString',
'RtlSubAuthoritySid',
'RtlLengthRequiredSid',
'IoBuildDeviceIoControlRequest',
'IoRegisterPlugPlayNotification',
'ZwSetSystemInformation',
'ZwFsControlFile',
'NtWriteFile',
'RtlCreateAcl',
'KeInitializeApc',
'KeInsertQueueApc',
'IoCreateFile',
'RtlQueryRegistryValues',
'ZwDeleteValueKey',
'MmFreeMappingAddress',
'MmGetPhysicalAddress',
'ZwCreateFile',
'MmMapLockedPagesWithReservedMapping',
'MmAllocateMappingAddress',
'MmUnmapReservedMapping',
'ZwEnumerateValueKey',
'IoUnregisterPlugPlayNotification',
'ZwDuplicateObject',
'MmCreateMdl',
'RtlInitializeSid',
'ZwQueryInformationFile',
'ZwWriteFile',
'NtReadFile',
'IoSynchronousPageWrite',
'isprint',
'wcsstr',
'EtwWrite',
'ExFreePoolWithTag',
'MmAllocatePagesForMdlEx',
'KeSetActualBasePriorityThread',
'KeClearEvent',
'ExAcquireSpinLockExclusive',
'ExAllocatePoolWithTag',
'ExAcquireRundownProtection',
'ExWaitForRundownProtectionRelease',
'RtlComputeCrc32',
'ExQueueWorkItem',
'__chkstk',
'__C_specific_handler',
'KeQueryPerformanceCounter',
'BCryptDecrypt',
'BCryptCloseAlgorithmProvider',
'BCryptDestroyKey',
'BCryptOpenAlgorithmProvider',
'BCryptGenRandom',
'BCryptEncrypt',
'BCryptGenerateSymmetricKey',
'BCryptSetProperty',
'BCryptGetProperty'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 169,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 20248,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 9728,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 20480,
'.text\x00\x00\x00': 128000,
'INIT\x00\x00\x00\x00': 7680,
'PAGE\x00\x00\x00\x00': 33792},
'StackReserveSize': 262144,
'filename': './data/malware/59c2a6a2f007d06bb1ccde6cfb34444764899c2d2c86501058cad75c3f9724d2'},
'59e6176a2d95519b793531b4ca584e34d7195158fc7bb280e86cbc23d2bfb185': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 498960,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 499200,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/59e6176a2d95519b793531b4ca584e34d7195158fc7bb280e86cbc23d2bfb185'},
'5a00ec85e0de347e52e9431543e7e19218994498fa561f07928f15b906afebc3': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/5a00ec85e0de347e52e9431543e7e19218994498fa561f07928f15b906afebc3'},
'5a10a670b1f0f4609411055c234193ace3ee941de8c07efdcbe5717789bb3a48': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 388616,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 389120,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/5a10a670b1f0f4609411055c234193ace3ee941de8c07efdcbe5717789bb3a48'},
'5a434c49cb043580e18b6ca33a01e61e9e65c1fdc26aa89ccc0c8923400a23b6': {'AddressOfEntryPoint': 33720,
'DebugRVA': 12672,
'DebugSize': 28,
'Dll': 8192,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': 'KeBugCheckEx'},
'ImportedFunctions': ['IoAcquireRemoveLockEx',
'IoWMIRegistrationControl',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'PoRegisterDeviceForIdleDetection',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'MmGetSystemRoutineAddress',
'KeInitializeEvent',
'RtlQueryRegistryValues',
'IoReleaseRemoveLockEx',
'IoDetachDevice',
'PoRequestPowerIrp',
'PoRegisterPowerSettingCallback',
'PoSetPowerState',
'RtlGUIDFromString',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'KeWaitForSingleObject',
'IoGetAttachedDeviceReference',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'RtlCompareMemory',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDeviceProperty',
'PoUnregisterPowerSettingCallback',
'IofCallDriver',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'ExFreePoolWithTag',
'IoBuildSynchronousFsdRequest',
'IoIs32bitProcess',
'ZwSetValueKey',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'ZwQueryValueKey',
'ZwClose',
'IoFreeIrp',
'IoAllocateIrp',
'IoOpenDeviceRegistryKey',
'IoAllocateMdl',
'KeBugCheckEx'],
'LinkerVersion': 10,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 46,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 904,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 5632,
'INIT\x00\x00\x00\x00': 2560,
'PAGE\x00\x00\x00\x00': 6656},
'StackReserveSize': 262144,
'filename': './data/malware/5a434c49cb043580e18b6ca33a01e61e9e65c1fdc26aa89ccc0c8923400a23b6'},
'5a78cbd3d93d3c418b081baf415f9fe087c1b4d8a9a7aadb610fa7f3cb16ecc2': {'AddressOfEntryPoint': 18492,
'DebugRVA': 49776,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'HeapReAlloc'},
'ImportedFunctions': ['WriteProcessMemory',
'VirtualProtectEx',
'GetProcAddress',
'GetModuleHandleW',
'ReadProcessMemory',
'WideCharToMultiByte',
'OpenProcess',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'RaiseException',
'RtlPcToFileHeader',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'GetLastError',
'FlsAlloc',
'HeapAlloc',
'HeapFree',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'Sleep',
'ExitProcess',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'GetLocaleInfoA',
'LCMapStringA',
'MultiByteToWideChar',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'InitializeCriticalSectionAndSpinCount',
'HeapReAlloc'],
'LinkerVersion': 9,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 65,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1424,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 14848,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 42496},
'StackReserveSize': 1048576,
'filename': './data/malware/5a78cbd3d93d3c418b081baf415f9fe087c1b4d8a9a7aadb610fa7f3cb16ecc2'},
'5a87d463ec341664142d5dfebce4cecdcdd3f8259b51f86d5f797c18d83b8f66': {'AddressOfEntryPoint': 52904,
'DebugRVA': 95600,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 104464,
'ExportSize': 51,
'IATRVA': 94208,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMDLG32.dll': 'GetSaveFileNameA',
'GDI32.dll': 'DeleteDC',
'KERNEL32.dll': 'DosDateTimeToFileTime',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHChangeNotify',
'USER32.dll': 'DispatchMessageA',
'ole32.dll': 'CLSIDFromString'},
'ImportedFunctions': ['DeleteFileA',
'DeleteFileW',
'CreateDirectoryA',
'CreateDirectoryW',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FindFirstFileW',
'GetTickCount',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetVersionExA',
'GlobalAlloc',
'lstrlenA',
'GetModuleFileNameA',
'FindResourceA',
'GetModuleHandleA',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'HeapReAlloc',
'CompareStringA',
'ExitProcess',
'GetLocaleInfoA',
'GetNumberFormatA',
'lstrcmpiA',
'GetProcAddress',
'GetDateFormatA',
'GetTimeFormatA',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'ExpandEnvironmentStringsA',
'WaitForSingleObject',
'SetCurrentDirectoryA',
'Sleep',
'GetTempPathA',
'MoveFileExA',
'UnmapViewOfFile',
'GetCommandLineA',
'MapViewOfFile',
'CreateFileMappingA',
'GetModuleFileNameW',
'SetEnvironmentVariableA',
'OpenFileMappingA',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetSystemTime',
'IsDBCSLeadByte',
'GetCPInfo',
'FreeLibrary',
'LoadLibraryA',
'GetCurrentDirectoryA',
'GetFullPathNameA',
'SetFileAttributesW',
'SetFileAttributesA',
'GetFileAttributesW',
'GetFileAttributesA',
'WriteFile',
'GetStdHandle',
'SetLastError',
'ReadFile',
'CreateFileW',
'CreateFileA',
'GetFileType',
'SetEndOfFile',
'SetFilePointer',
'MoveFileA',
'SetFileTime',
'GetCurrentProcess',
'CloseHandle',
'GetLastError',
'DosDateTimeToFileTime',
'FindWindowExA',
'GetClassNameA',
'ReleaseDC',
'GetDC',
'SendMessageA',
'wsprintfA',
'SetDlgItemTextA',
'EndDialog',
'DestroyIcon',
'SendDlgItemMessageA',
'GetDlgItemTextA',
'DialogBoxParamA',
'IsWindowVisible',
'WaitForInputIdle',
'GetSysColor',
'PostMessageA',
'SetMenu',
'SetFocus',
'LoadBitmapA',
'LoadIconA',
'CharToOemA',
'OemToCharA',
'wvsprintfA',
'SetWindowLongA',
'CharUpperA',
'GetWindowRect',
'GetParent',
'MapWindowPoints',
'CreateWindowExA',
'UpdateWindow',
'SetWindowTextA',
'LoadCursorA',
'RegisterClassExA',
'SetWindowLongPtrA',
'GetWindowLongPtrA',
'DefWindowProcA',
'PeekMessageA',
'GetMessageA',
'TranslateMessage',
'DestroyWindow',
'GetClientRect',
'CopyRect',
'IsWindow',
'MessageBoxA',
'ShowWindow',
'GetDlgItem',
'EnableWindow',
'CharToOemBuffA',
'LoadStringA',
'SetWindowPos',
'GetWindowTextA',
'GetSystemMetrics',
'GetWindow',
'GetWindowLongA',
'OemToCharBuffA',
'DispatchMessageA',
'GetDeviceCaps',
'GetObjectA',
'CreateCompatibleBitmap',
'SelectObject',
'StretchBlt',
'CreateCompatibleDC',
'DeleteObject',
'DeleteDC',
'GetOpenFileNameA',
'CommDlgExtendedError',
'GetSaveFileNameA',
'LookupPrivilegeValueA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegCloseKey',
'SetFileSecurityW',
'SetFileSecurityA',
'OpenProcessToken',
'AdjustTokenPrivileges',
'ShellExecuteExA',
'SHFileOperationA',
'SHGetFileInfoA',
'SHGetSpecialFolderLocation',
'SHGetMalloc',
'SHBrowseForFolderA',
'SHGetPathFromIDListA',
'SHChangeNotify',
'CreateStreamOnHGlobal',
'OleInitialize',
'CoCreateInstance',
'OleUninitialize',
'CLSIDFromString',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 164,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 109296,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 4096,
'.rdata\x00\x00': 10752,
'.rsrc\x00\x00\x00': 109568,
'.text\x00\x00\x00': 86528},
'StackReserveSize': 1048576,
'filename': './data/malware/5a87d463ec341664142d5dfebce4cecdcdd3f8259b51f86d5f797c18d83b8f66'},
'5abc656d62b39862f29c82a27b788d46d8144dae3c5a8e4b87a3caa72f76384d': {'AddressOfEntryPoint': 57832,
'DebugRVA': 161248,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 159744,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueA',
'COMCTL32.dll': 'PropertySheetA',
'GDI32.dll': 'CreateSolidBrush',
'KERNEL32.dll': 'SetEnvironmentVariableW',
'SHELL32.dll': 'ShellExecuteA',
'USER32.dll': 'SetDlgItemTextA',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['CreatePropertySheetPageA',
'PropertySheetA',
'FreeLibrary',
'SetStdHandle',
'GetStdHandle',
'LocalFree',
'FormatMessageA',
'GetTempFileNameA',
'GetTempPathA',
'GetModuleHandleA',
'GetVersionExA',
'ResumeThread',
'SetPriorityClass',
'GetCurrentProcess',
'GetCurrentThread',
'SetThreadPriority',
'CreateProcessA',
'GetModuleFileNameA',
'RemoveDirectoryA',
'GetPrivateProfileIntA',
'GetPrivateProfileStringA',
'SetEndOfFile',
'CompareStringA',
'CompareStringW',
'GetFileSize',
'HeapSize',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'FlushFileBuffers',
'IsValidLocale',
'EnumSystemLocalesA',
'GetLocaleInfoA',
'GetUserDefaultLCID',
'GetStringTypeW',
'GetStringTypeA',
'LCMapStringW',
'LCMapStringA',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'InitializeCriticalSectionAndSpinCount',
'SetConsoleCtrlHandler',
'GetConsoleMode',
'SetFilePointer',
'ReadFile',
'DeleteFileA',
'MultiByteToWideChar',
'LoadLibraryA',
'GetProcAddress',
'lstrlenA',
'GetLocaleInfoW',
'UnmapViewOfFile',
'CreateFileA',
'GetLastError',
'DosDateTimeToFileTime',
'SetFileTime',
'CloseHandle',
'CreateFileMappingA',
'MapViewOfFile',
'GetFileAttributesA',
'CreateDirectoryA',
'SetLastError',
'GetConsoleCP',
'SetHandleCount',
'FatalAppExitA',
'DeleteCriticalSection',
'GetProcessHeap',
'RtlUnwindEx',
'GetSystemTimeAsFileTime',
'HeapFree',
'HeapAlloc',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetFileInformationByHandle',
'PeekNamedPipe',
'GetFileType',
'EnterCriticalSection',
'LeaveCriticalSection',
'GetDateFormatA',
'GetTimeFormatA',
'HeapReAlloc',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'GetCommandLineA',
'GetStartupInfoA',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'WideCharToMultiByte',
'GetTimeZoneInformation',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'EncodePointer',
'DecodePointer',
'TlsAlloc',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetCurrentThreadId',
'FlsAlloc',
'HeapSetInformation',
'HeapCreate',
'HeapDestroy',
'WriteFile',
'SetEnvironmentVariableA',
'SetEnvironmentVariableW',
'wsprintfA',
'GetFocus',
'ShowWindow',
'SetCursor',
'GetDlgItem',
'SendDlgItemMessageA',
'GetParent',
'PostMessageA',
'GetWindowRect',
'MoveWindow',
'LoadCursorA',
'RegisterClassA',
'CreateWindowExA',
'MessageBoxA',
'UpdateWindow',
'DefWindowProcA',
'BeginPaint',
'GetSystemMetrics',
'EndPaint',
'TranslateMessage',
'DispatchMessageA',
'PeekMessageA',
'GetDC',
'ReleaseDC',
'SendMessageA',
'SetDlgItemTextA',
'CreateFontA',
'SelectObject',
'SetBkMode',
'TextOutA',
'SetTextColor',
'DeleteObject',
'CreateDIBitmap',
'CreateSolidBrush',
'RegDeleteValueA',
'RegEnumKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'RegDeleteKeyA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegOpenKeyExA',
'RegQueryValueA',
'ShellExecuteA',
'CoCreateInstance',
'CoUninitialize',
'CoInitialize'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 165,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 5104,
'SectionNames': {'.data\x00\x00\x00': 6144,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 50688,
'.rsrc\x00\x00\x00': 5120,
'.text\x00\x00\x00': 153600},
'StackReserveSize': 1048576,
'filename': './data/malware/5abc656d62b39862f29c82a27b788d46d8144dae3c5a8e4b87a3caa72f76384d'},
'5b0842bc78915d712da423587af2b2b17bc21c6ac6713d3b4c2b61daeb167165': {'AddressOfEntryPoint': 211044,
'DebugRVA': 1278384,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1273856,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 50540,
'SectionNames': {'.data\x00\x00\x00': 482304,
'.pdata\x00\x00': 72704,
'.rdata\x00\x00': 550400,
'.rsrc\x00\x00\x00': 50688,
'.text\x00\x00\x00': 1269248},
'StackReserveSize': 1048576,
'filename': './data/malware/5b0842bc78915d712da423587af2b2b17bc21c6ac6713d3b4c2b61daeb167165'},
'5b7b07d1a22abe6baa665864312ff2990cfa41e9fc50b71041742a612f11f7c7': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 194180,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 194560,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/5b7b07d1a22abe6baa665864312ff2990cfa41e9fc50b71041742a612f11f7c7'},
'5bbc6c1cbc6b22f38d4691e4dee1a171258b74c5cb6bd4196eee46a43f35d926': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 304576,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 304640,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/5bbc6c1cbc6b22f38d4691e4dee1a171258b74c5cb6bd4196eee46a43f35d926'},
'5bfe3a260c9473b51f584505b45e3b4c6e90b412b303f792ed35b8e6920c4b9b': {'AddressOfEntryPoint': 7053,
'DebugRVA': 4496,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2680,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 3072,
'.text\x00\x00\x00': 4608},
'StackReserveSize': 524288,
'filename': './data/malware/5bfe3a260c9473b51f584505b45e3b4c6e90b412b303f792ed35b8e6920c4b9b'},
'5c1ff70e2603b10fbced58f7af99fee9ec7cbba62979ec3a0857aee7c682a45b': {'AddressOfEntryPoint': 134704,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 278528,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 3164,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 11264,
'.rdata\x00\x00': 75264,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 272384},
'StackReserveSize': 1048576,
'filename': './data/malware/5c1ff70e2603b10fbced58f7af99fee9ec7cbba62979ec3a0857aee7c682a45b'},
'5c56da74208db017c583e9b002b348a2e56dad3316eb08860b126a10e5967dff': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegSetValueExW',
'KERNEL32.dll': 'SetFileAttributesW',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'GetTickCount',
'SetUnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetCurrentProcessId',
'QueryPerformanceCounter',
'GetCommandLineW',
'UnhandledExceptionFilter',
'ExitProcess',
'HeapSetInformation',
'EnumResourceNamesW',
'FindResourceW',
'FreeLibrary',
'LoadResource',
'CreateProcessW',
'HeapAlloc',
'GetSystemWindowsDirectoryW',
'HeapFree',
'CreateDirectoryW',
'WaitForSingleObject',
'GetProcessHeap',
'WriteFile',
'GetSystemDirectoryW',
'LoadLibraryW',
'SizeofResource',
'GetExitCodeProcess',
'CreateFileW',
'GetLastError',
'GetCurrentDirectoryW',
'GetProcAddress',
'LockResource',
'SetCurrentDirectoryW',
'RemoveDirectoryW',
'CloseHandle',
'DeleteFileW',
'SetFileAttributesW',
'RegCloseKey',
'RegOpenKeyExW',
'RegDeleteValueW',
'RegQueryValueExW',
'RegCreateKeyExW',
'RegSetValueExW',
'memset',
'DbgPrint',
'memcpy'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 50,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 3396408,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 3396608,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/5c56da74208db017c583e9b002b348a2e56dad3316eb08860b126a10e5967dff'},
'5c904dba6263766e9f388a26b383f165c10b4d06b12ae0846fa18a6a303ad03e': {'AddressOfEntryPoint': 1074302941,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 315392,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GetSystemInfo',
'OLEAUT32.dll': 'VariantCopy',
'SETUPAPI.dll': 'CM_Get_DevNode_Status_Ex',
'SHELL32.dll': 'ShellExecuteA',
'SHLWAPI.dll': 'PathIsUNCA',
'USER32.dll': 'ValidateRect',
'VERSION.dll': 'VerQueryValueA',
'WINSPOOL.DRV': 'OpenPrinterA',
'comdlg32.dll': 'GetFileTitleA',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA',
'ole32.dll': 'CoRevokeClassObject'},
'ImportedFunctions': ['SetupDiRemoveDevice',
'SetupOpenInfFileA',
'SetupFindFirstLineA',
'SetupGetStringFieldA',
'SetupCloseInfFile',
'SetupCopyOEMInfA',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_DevNode_Status_Ex',
'UpdateDriverForPlugAndPlayDevicesA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'ReadFile',
'WriteFile',
'SetFilePointer',
'FlushFileBuffers',
'LockFile',
'UnlockFile',
'SetEndOfFile',
'GetFileSize',
'GetThreadLocale',
'DuplicateHandle',
'GetVolumeInformationA',
'GetFullPathNameA',
'CreateFileA',
'GetCPInfo',
'GetOEMCP',
'FileTimeToSystemTime',
'SetErrorMode',
'FileTimeToLocalFileTime',
'GetFileAttributesA',
'GetFileTime',
'GetTickCount',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'VirtualProtect',
'VirtualAlloc',
'GlobalFlags',
'VirtualQuery',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'GetStdHandle',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetACP',
'SetHandleCount',
'GetFileType',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetTimeZoneInformation',
'LCMapStringA',
'LCMapStringW',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEnvironmentVariableA',
'WritePrivateProfileStringA',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'GlobalGetAtomNameA',
'GlobalFindAtomA',
'lstrcmpW',
'GetVersionExA',
'GetModuleFileNameW',
'FreeResource',
'GetCurrentProcessId',
'GlobalAddAtomA',
'CloseHandle',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'LoadLibraryA',
'lstrcmpA',
'FreeLibrary',
'GlobalDeleteAtom',
'GetModuleHandleA',
'GetProcAddress',
'GlobalLock',
'GlobalUnlock',
'FormatMessageA',
'MulDiv',
'SetLastError',
'CreateThread',
'lstrcpyA',
'SetFileAttributesA',
'DeleteFileA',
'FindFirstFileA',
'FindClose',
'FindNextFileA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GlobalFree',
'lstrcatA',
'GetCommandLineA',
'GetCurrentProcess',
'Sleep',
'LocalFree',
'LocalAlloc',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'lstrlenA',
'CompareStringW',
'CompareStringA',
'GetVersion',
'GetLastError',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetSystemInfo',
'IsRectEmpty',
'SetRect',
'InvalidateRect',
'InvalidateRgn',
'GetNextDlgGroupItem',
'MessageBeep',
'UnregisterClassA',
'DestroyMenu',
'RegisterClipboardFormatA',
'PostThreadMessageA',
'GetWindowDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'ShowWindow',
'MoveWindow',
'SetWindowTextA',
'IsDialogMessageA',
'RegisterWindowMessageA',
'SendDlgItemMessageA',
'WinHelpA',
'IsChild',
'GetCapture',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'SetFocus',
'GetWindowTextA',
'GetForegroundWindow',
'GetTopWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'GetMessageTime',
'GetMessagePos',
'CopyAcceleratorTableA',
'SetForegroundWindow',
'UpdateWindow',
'GetMenu',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'GetSysColor',
'AdjustWindowRectEx',
'EqualRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowLongA',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindowRect',
'UnhookWindowsHookEx',
'GetWindow',
'SetWindowContextHelpId',
'MapDialogRect',
'SetWindowPos',
'ReleaseDC',
'GetDC',
'CopyRect',
'GetDesktopWindow',
'SetActiveWindow',
'CreateDialogIndirectParamA',
'DestroyWindow',
'IsWindow',
'GetDlgItem',
'GetNextDlgTabItem',
'CharUpperA',
'DrawIcon',
'SendMessageA',
'EndDialog',
'GetWindowThreadProcessId',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'SetWindowsHookExA',
'CallNextHookEx',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageA',
'GetCursorPos',
'CharNextA',
'ReleaseCapture',
'SetCapture',
'GetSysColorBrush',
'EndPaint',
'MapWindowPoints',
'BeginPaint',
'IsIconic',
'GetClientRect',
'LoadIconA',
'EnableWindow',
'GetSystemMetrics',
'MessageBoxA',
'SetCursor',
'LoadCursorA',
'ExitWindowsEx',
'GetSubMenu',
'GetMenuItemCount',
'GetMenuItemID',
'GetMenuState',
'PostQuitMessage',
'PostMessageA',
'CheckMenuItem',
'EnableMenuItem',
'ModifyMenuA',
'GetParent',
'GetFocus',
'LoadBitmapA',
'GetMenuCheckMarkDimensions',
'SetMenuItemBitmaps',
'ValidateRect',
'SetMapMode',
'ExtSelectClipRgn',
'DeleteDC',
'GetStockObject',
'GetMapMode',
'GetBkColor',
'GetTextColor',
'GetRgnBox',
'RestoreDC',
'SaveDC',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'CreateRectRgnIndirect',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'GetWindowExtEx',
'GetViewportExtEx',
'DeleteObject',
'GetFileTitleA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA',
'RegQueryValueA',
'RegEnumKeyA',
'RegOpenKeyExA',
'RegDeleteKeyA',
'RegCreateKeyA',
'RegSetValueExA',
'RegQueryValueExA',
'RegCloseKey',
'RegOpenKeyA',
'RegDeleteValueA',
'OpenProcessToken',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'RegCreateKeyExA',
'ShellExecuteA',
'PathFindExtensionA',
'PathFindFileNameA',
'PathStripToRootA',
'SHDeleteKeyA',
'PathIsUNCA',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoGetClassObject',
'CLSIDFromString',
'CLSIDFromProgID',
'CoTaskMemAlloc',
'CoTaskMemFree',
'OleUninitialize',
'CoFreeUnusedLibraries',
'OleInitialize',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'OleIsCurrentClipboard',
'CoRevokeClassObject',
'SysFreeString',
'SysAllocStringLen',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SysStringLen',
'SysAllocStringByteLen',
'OleCreateFontIndirect',
'VariantTimeToSystemTime',
'SystemTimeToVariantTime',
'SafeArrayDestroy',
'SysAllocString',
'VariantCopy'],
'LinkerVersion': 8,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 364,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 65124,
'StackReserveSize': 1048576,
'filename': './data/malware/5c904dba6263766e9f388a26b383f165c10b4d06b12ae0846fa18a6a303ad03e'},
'5c9db4ece4efdab4ef8ee14727084031e71a257d8409bcd68a5231c83df78e86': {'AddressOfEntryPoint': 17588,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 65536,
'ImageVersion': 0,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'ntoskrnl.exe': '_wcsicmp'},
'ImportedFunctions': ['RtlEqualUnicodeString',
'MmGetSystemRoutineAddress',
'RtlInitUnicodeString',
'ZwOpenFile',
'ZwCreateFile',
'ZwReadFile',
'ZwWriteFile',
'ZwClose',
'ZwSetInformationFile',
'ZwQueryInformationFile',
'ExFreePoolWithTag',
'ExAllocatePool',
'PsCreateSystemThread',
'IoDeleteDevice',
'IoDetachDevice',
'IofCompleteRequest',
'IofCallDriver',
'KeReleaseInStackQueuedSpinLock',
'KeAcquireInStackQueuedSpinLock',
'IoQueryFileInformation',
'ObfDereferenceObject',
'IoAttachDeviceToDeviceStackSafe',
'IoCreateDevice',
'IoGetRelatedDeviceObject',
'ObReferenceObjectByHandle',
'PsTerminateSystemThread',
'KeDelayExecutionThread',
'PsGetCurrentProcessId',
'PsGetProcessImageFileName',
'IoGetCurrentProcess',
'IoCreateSymbolicLink',
'ZwQuerySystemInformation',
'KeSetEvent',
'IoFreeIrp',
'IoFreeMdl',
'KeWaitForSingleObject',
'MmBuildMdlForNonPagedPool',
'KeInitializeEvent',
'IoAllocateMdl',
'IoAllocateIrp',
'PsGetProcessId',
'IoGetRequestorProcess',
'IoAttachDevice',
'ZwTerminateProcess',
'ObOpenObjectByPointer',
'PsProcessType',
'PsInitialSystemProcess',
'__C_specific_handler',
'ObfReferenceObject',
'PsDereferencePrimaryToken',
'PsReferencePrimaryToken',
'ZwSetInformationProcess',
'ZwDuplicateToken',
'SeTokenObjectType',
'RtlGetVersion',
'RtlRandom',
'ZwOpenKey',
'ZwCreateKey',
'ZwQueryValueKey',
'wcsncpy',
'ZwSetValueKey',
'ZwEnumerateKey',
'ZwDeleteKey',
'PsGetVersion',
'_wcsnicmp',
'ZwFlushKey',
'swprintf',
'wcsncmp',
'ZwLoadDriver',
'sprintf',
'KeBugCheck',
'PoStartNextPowerIrp',
'IoThreadToProcess',
'_stricmp',
'RtlCompareUnicodeString',
'KeReleaseMutex',
'qsort',
'wcschr',
'ObFindHandleForObject',
'CmRegisterCallback',
'PsThreadType',
'KeInitializeMutex',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'towlower',
'_snwprintf',
'ZwQueryDirectoryFile',
'MmUnlockPages',
'MmUnmapLockedPages',
'MmMapLockedPagesSpecifyCache',
'MmProbeAndLockPages',
'wcsstr',
'MmHighestUserAddress',
'PsSetLoadImageNotifyRoutine',
'PsLookupProcessByProcessId',
'_wcsicmp',
'KeQueryPerformanceCounter'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 97,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 8192,
'.reloc\x00\x00': 1024,
'.text\x00\x00\x00': 26624,
'INIT\x00\x00\x00\x00': 3072},
'StackReserveSize': 262144,
'filename': './data/malware/5c9db4ece4efdab4ef8ee14727084031e71a257d8409bcd68a5231c83df78e86'},
'5d0f268e678a5c5cdb08e1c78907d667f4a4ea039cbbd0b4c58789f4f197b737': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3428,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 3584,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/5d0f268e678a5c5cdb08e1c78907d667f4a4ea039cbbd0b4c58789f4f197b737'},
'5d415f30075b6d3c3f65205e049ff1fe89115bda7e36ea162b85b10d3e08aefd': {'AddressOfEntryPoint': 1073841845,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 53248,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'GetStartupInfoA',
'SETUPAPI.dll': 'CM_Locate_DevNodeW',
'SHELL32.dll': 'ShellExecuteExW',
'SHLWAPI.dll': 'SHSetValueW'},
'ImportedFunctions': ['GetCurrentProcess',
'GetProcAddress',
'WideCharToMultiByte',
'CreateEventW',
'GetVersionExW',
'GetLastError',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'MultiByteToWideChar',
'GetExitCodeProcess',
'WaitForSingleObject',
'SetCurrentDirectoryW',
'FreeLibrary',
'LoadLibraryW',
'GetLocaleInfoA',
'GetStringTypeW',
'GetStringTypeA',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetTickCount',
'QueryPerformanceCounter',
'RaiseException',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSection',
'DeleteCriticalSection',
'HeapDestroy',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'HeapSize',
'GetProcessHeap',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'GetModuleHandleW',
'Sleep',
'ExitProcess',
'RtlPcToFileHeader',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringA',
'LCMapStringW',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'HeapSetInformation',
'HeapCreate',
'GetModuleFileNameW',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'ShellExecuteExW',
'PathIsDirectoryW',
'PathFileExistsW',
'SHSetValueW',
'CM_Get_Sibling',
'CM_Get_Device_IDW',
'CM_Get_Child',
'CM_Locate_DevNodeW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 83,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 16788,
'StackReserveSize': 1048576,
'filename': './data/malware/5d415f30075b6d3c3f65205e049ff1fe89115bda7e36ea162b85b10d3e08aefd'},
'5d9d8c129d9464885a9076159cb413d2d7c928ea0e2fe3a7b3acde77d29978fc': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1132284,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1132544,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/5d9d8c129d9464885a9076159cb413d2d7c928ea0e2fe3a7b3acde77d29978fc'},
'5db1ada64170e7a7932c29998c2e2aaeaf8bded504ac456d5b335037ef34d487': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 606032,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 606208,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/5db1ada64170e7a7932c29998c2e2aaeaf8bded504ac456d5b335037ef34d487'},
'5dcd219206f72c433064a90d5fd5233740671ced87885ff3881e1694c8f3a3c4': {'AddressOfEntryPoint': 12288,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 0,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'DDRAW.DLL': 'DirectDrawCreate',
'KERNEL32.DLL': 'GetModuleHandleA',
'USER32.DLL': 'wsprintfA'},
'ImportedFunctions': ['ExitProcess',
'GetModuleHandleA',
'CreateWindowExA',
'DefWindowProcA',
'DestroyWindow',
'DispatchMessageA',
'GetMessageA',
'LoadCursorA',
'LoadIconA',
'MessageBoxA',
'PeekMessageA',
'PostQuitMessage',
'RegisterClassExA',
'TranslateMessage',
'WaitMessage',
'wsprintfA',
'DirectDrawCreate'],
'LinkerVersion': 1,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 17,
'NumberOfSections': 4,
'OSVersion': 1,
'ResSize': 0,
'SectionNames': {'.bss\x00\x00\x00\x00': 512,
'.code\x00\x00\x00': 2048,
'.data\x00\x00\x00': 512,
'.idata\x00\x00': 1024},
'StackReserveSize': 4096,
'filename': './data/malware/5dcd219206f72c433064a90d5fd5233740671ced87885ff3881e1694c8f3a3c4'},
'5e0c529a5ded9802307428d4c18b84ad36f674e36e050dd515d554af981010e7': {'AddressOfEntryPoint': 3622800,
'DebugRVA': 3766560,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 3760128,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 2798528,
'SectionNames': {'.data\x00\x00\x00': 109568,
'.pdata\x00\x00': 154112,
'.rdata\x00\x00': 684544,
'.rsrc\x00\x00\x00': 2798592,
'.text\x00\x00\x00': 1536,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 1048576,
'filename': './data/malware/5e0c529a5ded9802307428d4c18b84ad36f674e36e050dd515d554af981010e7'},
'5e1f857866d58145c5a5791067214ab371c73849737497686c510f534c629557': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {'ADVAPI32.dll': 'InitializeSecurityDescriptor',
'KERNEL32.dll': 'FindFirstFileA',
'SHELL32.dll': 'SHGetPathFromIDListA',
'USER32.dll': 'SendDlgItemMessageA',
'msvcrt.dll': '_vsnprintf',
'ntdll.dll': 'NtShutdownSystem'},
'ImportedFunctions': ['__initenv',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'strncpy',
'strstr',
'_strlwr',
'strrchr',
'__getmainargs',
'_strnicmp',
'_wcsicmp',
'towlower',
'strchr',
'memset',
'tolower',
'memcpy',
'_snprintf',
'sprintf',
'free',
'malloc',
'_initterm',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'_stricmp',
'_vsnprintf',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'CryptAcquireContextA',
'CryptGenRandom',
'CryptReleaseContext',
'AllocateAndInitializeSid',
'OpenProcessToken',
'GetTokenInformation',
'GetLengthSid',
'InitiateSystemShutdownA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'InitializeSecurityDescriptor',
'CreateThread',
'GetFileSize',
'CreateProcessA',
'GetExitCodeProcess',
'DosDateTimeToFileTime',
'LocalFileTimeToFileTime',
'InitializeCriticalSectionAndSpinCount',
'SetEndOfFile',
'GetCurrentDirectoryA',
'QueryDosDeviceA',
'GetDiskFreeSpaceA',
'GetSystemTime',
'CreateEventA',
'SetFileAttributesA',
'CopyFileA',
'QueryPerformanceCounter',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SystemTimeToFileTime',
'GetProcessHeap',
'FindClose',
'FindNextFileA',
'SetFileTime',
'Sleep',
'GetVersionExA',
'ReadFile',
'SetFilePointer',
'MoveFileExA',
'RemoveDirectoryA',
'GetLastError',
'CreateDirectoryA',
'GetTickCount',
'SetErrorMode',
'CloseHandle',
'DeviceIoControl',
'CreateFileA',
'GetDriveTypeA',
'HeapFree',
'FormatMessageA',
'LeaveCriticalSection',
'DeleteFileA',
'EnterCriticalSection',
'TerminateProcess',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'GetModuleFileNameA',
'SetEnvironmentVariableA',
'GetEnvironmentVariableA',
'WideCharToMultiByte',
'HeapAlloc',
'SetLastError',
'WriteFile',
'GetProcAddress',
'LoadLibraryA',
'GetSystemDirectoryA',
'FreeLibrary',
'MoveFileA',
'ExpandEnvironmentStringsA',
'ExitProcess',
'DeleteCriticalSection',
'FlushFileBuffers',
'WaitForSingleObject',
'OpenEventA',
'GetCurrentProcess',
'GetFileAttributesA',
'GetCommandLineA',
'FindFirstFileA',
'NtOpenProcessToken',
'NtAdjustPrivilegesToken',
'NtClose',
'NtShutdownSystem',
'ShowWindow',
'SendMessageA',
'DialogBoxParamA',
'MessageBoxA',
'SetParent',
'EndDialog',
'LoadStringA',
'SendDlgItemMessageA',
'SHBrowseForFolderA',
'SHGetPathFromIDListA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 133,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3424,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 18101248,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/5e1f857866d58145c5a5791067214ab371c73849737497686c510f534c629557'},
'5e83d91dcf08a62c9c02dcd5bff3f268f84ac9bd0152a81b653e08c2e56fed8d': {'AddressOfEntryPoint': 219616,
'DebugRVA': 230176,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 229376,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'USBD.SYS': 'USBD_ParseConfigurationDescriptorEx',
'WDFLDR.SYS': 'WdfVersionBind',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoCancelIrp',
'PoSetPowerState',
'IoGetDeviceObjectPointer',
'IoStartNextPacket',
'PoStartNextPowerIrp',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoFreeIrp',
'RtlWriteRegistryValue',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoCreateSymbolicLink',
'ObfDereferenceObject',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoReleaseCancelSpinLock',
'IofCallDriver',
'IoRegisterShutdownNotification',
'RtlCheckRegistryKey',
'RtlQueryRegistryValues',
'IoGetDeviceProperty',
'RtlCreateRegistryKey',
'KeClearEvent',
'KeInitializeMutex',
'KeSetEvent',
'KeInitializeEvent',
'KeReleaseSpinLock',
'KeReleaseMutex',
'KeWaitForSingleObject',
'KeAcquireSpinLockRaiseToDpc',
'IoBuildSynchronousFsdRequest',
'IoFreeWorkItem',
'IoAllocateWorkItem',
'IoAllocateIrp',
'IoQueueWorkItem',
'IoInitializeIrp',
'IoCreateSynchronizationEvent',
'ZwClose',
'IoIsWdmVersionAvailable',
'ExEventObjectType',
'ObReferenceObjectByHandle',
'IoReleaseRemoveLockEx',
'IoDetachDevice',
'wcsstr',
'IoUnregisterPlugPlayNotification',
'towlower',
'ZwEnumerateValueKey',
'ZwOpenKey',
'RtlUnicodeStringToAnsiString',
'RtlFreeAnsiString',
'KeInitializeDpc',
'KeInsertQueueDpc',
'KeSynchronizeExecution',
'MmUnmapLockedPages',
'ExFreePoolWithTag',
'MmBuildMdlForNonPagedPool',
'IoFreeMdl',
'MmMapLockedPagesSpecifyCache',
'IoAllocateMdl',
'swprintf',
'PoRequestPowerIrp',
'IoCreateNotificationEvent',
'ZwMapViewOfSection',
'ZwUnmapViewOfSection',
'ZwCreateSection',
'ExQueueWorkItem',
'KeInitializeTimer',
'KeSetTimer',
'KeCancelTimer',
'KeSetTimerEx',
'ExAllocatePoolWithTag',
'IoBuildDeviceIoControlRequest',
'RtlAnsiStringToUnicodeString',
'RtlIntegerToUnicodeString',
'RtlInitAnsiString',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'RtlAppendUnicodeStringToString',
'RtlCopyUnicodeString',
'ZwCreateFile',
'ZwWriteFile',
'KeBugCheckEx',
'RtlInitUnicodeString',
'PoRegisterSystemState',
'PoUnregisterSystemState',
'IoAcquireRemoveLockEx',
'KeQueryTimeIncrement',
'sprintf',
'IoRegisterPlugPlayNotification',
'_purecall',
'__C_specific_handler',
'KeStallExecutionProcessor',
'KeQueryPerformanceCounter',
'USBD_ParseConfigurationDescriptorEx',
'WdfVersionUnbind',
'WdfVersionBind'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 96,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 960,
'SectionNames': {'.CRT\x00\x00\x00\x00': 512,
'.data\x00\x00\x00': 1536,
'.pdata\x00\x00': 7168,
'.rdata\x00\x00': 16896,
'.reloc\x00\x00': 3072,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 224256,
'INIT\x00\x00\x00\x00': 3584},
'StackReserveSize': 262144,
'filename': './data/malware/5e83d91dcf08a62c9c02dcd5bff3f268f84ac9bd0152a81b653e08c2e56fed8d'},
'5edd9e5338291dda1b4bba7ba5c6e7c7698568ba411ef3c0972bf96a48308dd0': {'AddressOfEntryPoint': 419914,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 421048,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'hal.dll': 'HalMakeBeep',
'ntoskrnl.exe': 'NtQuerySystemInformation'},
'ImportedFunctions': ['PsGetVersion',
'PsGetCurrentThreadId',
'PsGetCurrentProcessId',
'__C_specific_handler',
'ProbeForWrite',
'KeDelayExecutionThread',
'ProbeForRead',
'_wcsnicmp',
'_stricmp',
'RtlDeleteRegistryValue',
'strstr',
'strrchr',
'strncpy',
'_strnicmp',
'PsDereferencePrimaryToken',
'RtlEqualSid',
'SeQueryInformationToken',
'PsReferencePrimaryToken',
'PsSetCreateProcessNotifyRoutine',
'RtlInitUnicodeString',
'IofCompleteRequest',
'__chkstk',
'IoCreateSymbolicLink',
'IoCreateDevice',
'PsSetLoadImageNotifyRoutine',
'ZwQueryInformationThread',
'ExReleaseFastMutex',
'ExAcquireFastMutex',
'ZwClose',
'ZwCreateFile',
'KeInitializeEvent',
'ZwQuerySystemInformation',
'MmIsAddressValid',
'RtlFreeAnsiString',
'RtlUnicodeStringToAnsiString',
'_vsnwprintf',
'_wcsicmp',
'ZwOpenFile',
'MmUnmapViewInSystemSpace',
'MmMapViewInSystemSpace',
'MmCreateSection',
'ZwOpenThread',
'PsGetProcessInheritedFromUniqueProcessId',
'ObReferenceObjectByHandle',
'PsGetProcessImageFileName',
'ObQueryNameString',
'IoGetDeviceObjectPointer',
'KeStackAttachProcess',
'KeUnstackDetachProcess',
'PsGetProcessCreateTimeQuadPart',
'KeQueryTimeIncrement',
'ZwQuerySymbolicLinkObject',
'ZwOpenSymbolicLinkObject',
'ZwQueryInformationProcess',
'PsIsThreadTerminating',
'MmGetSystemRoutineAddress',
'PsGetProcessId',
'PsGetThreadProcess',
'ZwOpenProcess',
'ZwOpenDirectoryObject',
'RtlAppendUnicodeStringToString',
'tolower',
'strchr',
'PsGetProcessWin32Process',
'ZwQueryInformationToken',
'PsLookupProcessByProcessId',
'PsGetProcessSectionBaseAddress',
'ZwOpenProcessTokenEx',
'wcschr',
'RtlCompareUnicodeString',
'ZwQueryObject',
'wcsncpy',
'IoQueryFileDosDeviceName',
'wcsrchr',
'PsGetCurrentProcessSessionId',
'IoFreeMdl',
'MmMapLockedPages',
'MmBuildMdlForNonPagedPool',
'IoAllocateMdl',
'MmUnmapLockedPages',
'CmRegisterCallback',
'PsGetThreadTeb',
'PsLookupThreadByThreadId',
'RtlNtStatusToDosError',
'PsGetProcessPeb',
'RtlFreeUnicodeString',
'RtlWriteRegistryValue',
'RtlAnsiStringToUnicodeString',
'RtlInitAnsiString',
'RtlCreateUnicodeString',
'RtlQueryRegistryValues',
'RtlPrefixUnicodeString',
'ZwQueryValueKey',
'ZwOpenKey',
'ZwSetInformationProcess',
'RtlLengthSid',
'ZwAssignProcessToJobObject',
'ZwSetInformationJobObject',
'ZwCreateJobObject',
'PsGetProcessJob',
'ZwTerminateProcess',
'RtlAddAccessAllowedAceEx',
'RtlAddAce',
'RtlCreateAcl',
'RtlGetAce',
'ZwSetSecurityObject',
'RtlSetDaclSecurityDescriptor',
'RtlCreateSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'ZwQuerySecurityObject',
'SeTokenIsRestricted',
'SeFilterToken',
'ObfReferenceObject',
'ZwCreateKey',
'ZwEnumerateValueKey',
'ZwSetValueKey',
'ZwDeleteValueKey',
'RtlCompareMemory',
'RtlAppendUnicodeToString',
'RtlFormatCurrentUserKeyPath',
'IoGetCurrentProcess',
'ExAllocatePoolWithTag',
'KeBugCheckEx',
'ExFreePoolWithTag',
'ZwConnectPort',
'LpcRequestWaitReplyPort',
'LpcRequestPort',
'ObfDereferenceObject',
'ObOpenObjectByPointer',
'_vsnprintf',
'IoAllocateMdl',
'MmProbeAndLockPages',
'MmMapLockedPagesSpecifyCache',
'MmUnlockPages',
'IoFreeMdl',
'ExAllocatePool',
'ExFreePool',
'NtQuerySystemInformation',
'HalMakeBeep'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 139,
'NumberOfSections': 11,
'OSVersion': 5,
'ResSize': 1024,
'SectionNames': {'.Shltr0\x00': 0,
'.Shltr1\x00': 1024,
'.Shltr2\x00': 0,
'.Shltr3\x00': 170496,
'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 0,
'.rdata\x00\x00': 0,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 0,
'INIT\x00\x00\x00\x00': 0},
'StackReserveSize': 262144,
'filename': './data/malware/5edd9e5338291dda1b4bba7ba5c6e7c7698568ba411ef3c0972bf96a48308dd0'},
'5f119d621493d1731ca7df8ffc67c58f3a7dc3851e76f736649aeef524db0dc4': {'AddressOfEntryPoint': 34988,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/5f119d621493d1731ca7df8ffc67c58f3a7dc3851e76f736649aeef524db0dc4'},
'5f23c5c42fa609d9a42f562f8e64211d59019bfa89ba039c926abaedbc1c2318': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/5f23c5c42fa609d9a42f562f8e64211d59019bfa89ba039c926abaedbc1c2318'},
'5f8c892d0cf1ec2d9781c13853b2fb1b0f5e087e4c77e8b9de361b6ebe2226c5': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 200980,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 211968,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/5f8c892d0cf1ec2d9781c13853b2fb1b0f5e087e4c77e8b9de361b6ebe2226c5'},
'5fe50cc188551b4cb9fbfc89d7e3a3b66d5c3ab188003f602d8661f43e29b90f': {'AddressOfEntryPoint': 97840,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 180224,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueA',
'GDI32.dll': 'SetTextColor',
'KERNEL32.dll': 'GetProcessHeap',
'OLEACC.dll': 'CreateStdAccessibleObject',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'ShellExecuteExA',
'SHLWAPI.dll': 'PathFileExistsA',
'USER32.dll': 'GetWindowPlacement',
'VERSION.dll': 'GetFileVersionInfoSizeA',
'WINSPOOL.DRV': 'OpenPrinterA',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['PathFindFileNameA',
'PathFindExtensionA',
'PathFileExistsA',
'GlobalFlags',
'lstrcmpW',
'GlobalFindAtomA',
'GlobalGetAtomNameA',
'ReadFile',
'SetFilePointer',
'FlushFileBuffers',
'SetErrorMode',
'GetCPInfo',
'GetOEMCP',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'HeapFree',
'HeapAlloc',
'RaiseException',
'RtlPcToFileHeader',
'HeapReAlloc',
'ExitProcess',
'GetCommandLineA',
'GetStartupInfoA',
'HeapSize',
'GetACP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'LCMapStringA',
'LCMapStringW',
'HeapSetInformation',
'HeapCreate',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'RtlVirtualUnwind',
'GetStringTypeA',
'GetStringTypeW',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'WritePrivateProfileStringA',
'GetModuleFileNameW',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'LocalAlloc',
'GlobalAddAtomA',
'GlobalDeleteAtom',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetLocaleInfoA',
'lstrcmpA',
'GlobalFree',
'GlobalAlloc',
'GlobalLock',
'GlobalUnlock',
'FormatMessageA',
'LocalFree',
'SetLastError',
'SetCurrentDirectoryA',
'DeleteFileA',
'GetSystemTime',
'FindResourceA',
'SizeofResource',
'LoadResource',
'LockResource',
'CreateFileA',
'WriteFile',
'GetCurrentProcess',
'OpenEventA',
'Sleep',
'CompareStringA',
'GetVersion',
'GetVersionExA',
'GetModuleHandleA',
'GetSystemDirectoryA',
'GetThreadLocale',
'WideCharToMultiByte',
'MultiByteToWideChar',
'lstrlenA',
'GetExitCodeProcess',
'CreateProcessA',
'CreateToolhelp32Snapshot',
'Process32First',
'OpenProcess',
'TerminateProcess',
'WaitForSingleObject',
'CloseHandle',
'Process32Next',
'GetModuleFileNameA',
'GetUserDefaultLangID',
'GetCurrentProcessId',
'OutputDebugStringA',
'GetLastError',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetProcessHeap',
'DestroyMenu',
'UnregisterClassA',
'ShowWindow',
'RegisterWindowMessageA',
'LoadIconA',
'WinHelpA',
'GetCapture',
'GetClassLongA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'IsWindow',
'GetForegroundWindow',
'GetDlgItem',
'GetTopWindow',
'DestroyWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'GetMessageTime',
'GetMessagePos',
'MapWindowPoints',
'SetForegroundWindow',
'GetClientRect',
'GetMenu',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'CopyRect',
'AdjustWindowRectEx',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowPos',
'IsIconic',
'GetWindow',
'GetDlgCtrlID',
'GetWindowRect',
'GetClassNameA',
'PtInRect',
'GetWindowTextA',
'SetWindowTextA',
'GetSystemMetrics',
'GetDC',
'SystemParametersInfoA',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'LoadCursorA',
'ReleaseDC',
'GetSysColor',
'GetSysColorBrush',
'UnhookWindowsHookEx',
'GetWindowThreadProcessId',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'EnableWindow',
'MessageBoxA',
'LoadStringA',
'GetSubMenu',
'GetMenuItemCount',
'GetMenuItemID',
'GetMenuState',
'PostQuitMessage',
'PostMessageA',
'CheckMenuItem',
'EnableMenuItem',
'ModifyMenuA',
'SendMessageA',
'GetParent',
'GetFocus',
'SetCursor',
'SetWindowsHookExA',
'CallNextHookEx',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageA',
'GetCursorPos',
'ValidateRect',
'SetMenuItemBitmaps',
'GetMenuCheckMarkDimensions',
'LoadBitmapA',
'GetWindowPlacement',
'GetStockObject',
'DeleteDC',
'SetBkColor',
'RestoreDC',
'SaveDC',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'DeleteObject',
'GetClipBox',
'SetMapMode',
'SetTextColor',
'DocumentPropertiesA',
'ClosePrinter',
'OpenPrinterA',
'RegEnumKeyA',
'RegOpenKeyA',
'RegEnumKeyExA',
'RegDeleteKeyA',
'RegSetValueExA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'RegQueryValueA',
'ShellExecuteExA',
'CoUninitialize',
'CoInitialize',
'VariantClear',
'VariantChangeType',
'VariantInit',
'VerQueryValueA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'LresultFromObject',
'CreateStdAccessibleObject'],
'LinkerVersion': 8,
'NumberOfImportDLL': 11,
'NumberOfImportFunctions': 262,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 9998812,
'SectionNames': {'.data\x00\x00\x00': 10240,
'.pdata\x00\x00': 12800,
'.rdata\x00\x00': 59392,
'.rsrc\x00\x00\x00': 9998848,
'.text\x00\x00\x00': 175104},
'StackReserveSize': 1048576,
'filename': './data/malware/5fe50cc188551b4cb9fbfc89d7e3a3b66d5c3ab188003f602d8661f43e29b90f'},
'604a974c12832f7aae6f2714f01642d80a72e0e11015ea2f77400a165f96c86f': {'AddressOfEntryPoint': 15312,
'DebugRVA': 109760,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 156808,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'CopyFileA',
'USER32.dll': 'MessageBoxA'},
'ImportedFunctions': ['CompareStringA',
'CompareStringW',
'GetSystemDirectoryA',
'GetWindowsDirectoryA',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlUnwindEx',
'GetCommandLineA',
'HeapFree',
'GetVersionExA',
'HeapAlloc',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'TlsAlloc',
'SetLastError',
'GetLastError',
'GetCurrentThread',
'TlsFree',
'TlsSetValue',
'TlsGetValue',
'GetProcAddress',
'GetModuleHandleA',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'GetModuleFileNameA',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'WideCharToMultiByte',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'DeleteCriticalSection',
'HeapSetInformation',
'HeapCreate',
'HeapDestroy',
'LeaveCriticalSection',
'FatalAppExitA',
'EnterCriticalSection',
'Sleep',
'GetACP',
'GetOEMCP',
'GetCPInfo',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'LoadLibraryA',
'InitializeCriticalSection',
'HeapReAlloc',
'GetDateFormatA',
'GetTimeFormatA',
'GetUserDefaultLCID',
'GetLocaleInfoA',
'EnumSystemLocalesA',
'IsValidLocale',
'IsValidCodePage',
'GetStringTypeA',
'MultiByteToWideChar',
'GetStringTypeW',
'LCMapStringA',
'LCMapStringW',
'SetConsoleCtrlHandler',
'GetTimeZoneInformation',
'VirtualProtect',
'VirtualAlloc',
'GetSystemInfo',
'VirtualQuery',
'GetLocaleInfoW',
'SetEnvironmentVariableA',
'CopyFileA',
'MessageBoxA',
'RegCreateKeyExA',
'RegSetValueExA',
'RegCloseKey'],
'LinkerVersion': 8,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 87,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.idata\x00\x00': 4608,
'.pdata\x00\x00': 6656,
'.rdata\x00\x00': 28672,
'.text\x00\x00\x00': 99840},
'StackReserveSize': 1048576,
'filename': './data/malware/604a974c12832f7aae6f2714f01642d80a72e0e11015ea2f77400a165f96c86f'},
'6056ee4e09c4e67e50a113f5aca5abcf5790ed1c36bf9f154f630be4b1f5e84f': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 248824,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 248832,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6056ee4e09c4e67e50a113f5aca5abcf5790ed1c36bf9f154f630be4b1f5e84f'},
'6091bcf4dbff3294d19334246cd9c793cedab2ed0599ddc43707195a845fc236': {'AddressOfEntryPoint': 24584,
'DebugRVA': 12560,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 12288,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'ntoskrnl.exe': 'KeBugCheckEx'},
'ImportedFunctions': ['KeSetPriorityThread',
'PsRevertToSelf',
'RtlInitUnicodeString',
'ExInterlockedRemoveHeadList',
'IoDeleteDevice',
'ObfDereferenceObject',
'KeSetEvent',
'IoCreateDevice',
'swprintf',
'ZwQueryInformationFile',
'KeInitializeEvent',
'ZwWriteFile',
'ZwCreateDirectoryObject',
'SeTokenType',
'SeCreateClientSecurity',
'KeDelayExecutionThread',
'RtlFreeUnicodeString',
'ZwMakeTemporaryObject',
'ZwCreateFile',
'PsCreateSystemThread',
'MmMapLockedPagesSpecifyCache',
'SeImpersonateClient',
'ExAllocatePool',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ExFreePoolWithTag',
'ZwClose',
'RtlAnsiStringToUnicodeString',
'IofCompleteRequest',
'ObReferenceObjectByHandle',
'ZwReadFile',
'KeWaitForSingleObject',
'KeBugCheckEx'],
'LinkerVersion': 8,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 33,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 936,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 7168,
'INIT\x00\x00\x00\x00': 1536},
'StackReserveSize': 262144,
'filename': './data/malware/6091bcf4dbff3294d19334246cd9c793cedab2ed0599ddc43707195a845fc236'},
'60dc6bb966079d506892fd6320ef54d67b38a74a8bd9284520c4c78f028dfad6': {'AddressOfEntryPoint': 108412,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 595968,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/60dc6bb966079d506892fd6320ef54d67b38a74a8bd9284520c4c78f028dfad6'},
'60ddb0c3201897bcd98e9cf3aa8eca8851274ab77caec001c974d8864288e1be': {'AddressOfEntryPoint': 56620,
'DebugRVA': 144496,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 143360,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'SetWindowsHookExA'},
'ImportedFunctions': ['FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'GetModuleFileNameA',
'WideCharToMultiByte',
'Sleep',
'MultiByteToWideChar',
'TerminateProcess',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'LocalAlloc',
'HeapFree',
'ExitThread',
'CreateThread',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetCurrentProcessId',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'LocalFree',
'ReleaseSemaphore',
'ReleaseMutex',
'ResetEvent',
'SetEvent',
'WaitForMultipleObjects',
'GetLastError',
'GetVersionExA',
'IsWow64Process',
'OpenProcess',
'Thread32Next',
'Thread32First',
'CreateToolhelp32Snapshot',
'CloseHandle',
'WaitForSingleObject',
'OpenEventA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'RtlUnwindEx',
'EnterCriticalSection',
'SetWindowsHookExA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 81,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1832,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 41984,
'.reloc\x00\x00': 2048,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 137728},
'StackReserveSize': 1048576,
'filename': './data/malware/60ddb0c3201897bcd98e9cf3aa8eca8851274ab77caec001c974d8864288e1be'},
'6157fb7d72639cd60ea8c162222b58bcfca772182e1c8ca5fcba07ab8cb14e32': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 2901052,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 2901504,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6157fb7d72639cd60ea8c162222b58bcfca772182e1c8ca5fcba07ab8cb14e32'},
'61a84fdc0e402a04b4fe3487c595e790ade0df010c0e928933797e47cee386c9': {'AddressOfEntryPoint': 405692,
'DebugRVA': 4912,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 6,
'ResSize': 68728,
'SectionNames': {'.npdata\x00': 1024,
'.pdata\x00\x00': 17408,
'.rdata\x00\x00': 40448,
'.reloc\x00\x00': 4096,
'.rsrc\x00\x00\x00': 69120,
'INIT\x00\x00\x00\x00': 3584,
'PAGE\x00\x00\x00\x00': 301056,
'PAGED\x00\x00\x00': 31232},
'StackReserveSize': 262144,
'filename': './data/malware/61a84fdc0e402a04b4fe3487c595e790ade0df010c0e928933797e47cee386c9'},
'61ba03cce4bb75cc502f8b0175ab3a12f7807a51f2321468ee32fbcf3317287f': {'AddressOfEntryPoint': 1074142929,
'DebugRVA': 333312,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 331776,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'KERNEL32.dll': 'GetStartupInfoA',
'SHELL32.dll': 'SHFileOperationW',
'USER32.dll': 'CharToOemA'},
'ImportedFunctions': ['SetConsoleCtrlHandler',
'LocalFree',
'FormatMessageW',
'CloseHandle',
'GetCurrentProcess',
'CreateFileW',
'BackupRead',
'BackupSeek',
'SetFileTime',
'MoveFileW',
'FlushFileBuffers',
'SetFilePointer',
'SetEndOfFile',
'GetFileTime',
'GetFileType',
'CreateFileA',
'ReadFile',
'WriteFile',
'GetDriveTypeA',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetFileAttributesA',
'GetFileAttributesW',
'SetFileAttributesA',
'SetFileAttributesW',
'MoveFileA',
'DeleteFileA',
'DeleteFileW',
'RemoveDirectoryA',
'RemoveDirectoryW',
'DeviceIoControl',
'CreateDirectoryA',
'CreateDirectoryW',
'ExpandEnvironmentStringsW',
'ExpandEnvironmentStringsA',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FindFirstFileW',
'GetVersionExW',
'CreateThread',
'Sleep',
'GetProcessAffinityMask',
'WaitForSingleObject',
'SetEvent',
'ResetEvent',
'SetThreadPriority',
'GetCurrentThread',
'WaitForMultipleObjects',
'CreateEventW',
'GetFullPathNameA',
'GetFullPathNameW',
'GetModuleFileNameA',
'GetModuleFileNameW',
'MultiByteToWideChar',
'SetErrorMode',
'FreeLibrary',
'LoadLibraryW',
'LoadLibraryExW',
'GetCurrentProcessId',
'CompareStringA',
'SetPriorityClass',
'SetCurrentDirectoryA',
'GetCurrentDirectoryA',
'LocalFileTimeToFileTime',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'WideCharToMultiByte',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'SetStdHandle',
'SetEnvironmentVariableA',
'GetLocaleInfoA',
'GetLastError',
'GetCurrentDirectoryW',
'GetTickCount',
'GetSystemTime',
'SystemTimeToFileTime',
'GetStdHandle',
'GetConsoleMode',
'SetConsoleMode',
'ReadConsoleW',
'GetCommandLineW',
'GetModuleHandleW',
'GetProcAddress',
'ExitThread',
'SetLastError',
'GetStringTypeW',
'GetStringTypeA',
'GetConsoleCP',
'GetSystemTimeAsFileTime',
'QueryPerformanceCounter',
'HeapFree',
'HeapReAlloc',
'HeapAlloc',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'RaiseException',
'RtlPcToFileHeader',
'GetCommandLineA',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlCaptureContext',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'GetCurrentThreadId',
'FlsAlloc',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'LoadLibraryA',
'InitializeCriticalSectionAndSpinCount',
'LCMapStringA',
'LCMapStringW',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'CharLowerW',
'ExitWindowsEx',
'CharUpperA',
'CharLowerA',
'LoadStringW',
'CharUpperW',
'CharToOemBuffW',
'CharToOemBuffA',
'OemToCharA',
'OemToCharBuffA',
'CharToOemA',
'RegQueryValueExW',
'RegOpenKeyExA',
'RegQueryValueExA',
'RegCloseKey',
'GetFileSecurityW',
'GetFileSecurityA',
'GetSecurityDescriptorLength',
'SetFileSecurityW',
'SetFileSecurityA',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'RegOpenKeyExW',
'SHGetPathFromIDListW',
'SHGetMalloc',
'SHGetSpecialFolderLocation',
'SHGetPathFromIDListA',
'SHFileOperationW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 167,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 29208,
'StackReserveSize': 1048576,
'filename': './data/malware/61ba03cce4bb75cc502f8b0175ab3a12f7807a51f2321468ee32fbcf3317287f'},
'61d5ae02ad56f91cecbbb2850b3e32bb8f05195633f1ae78376dd76a832998e1': {'AddressOfEntryPoint': 706148,
'DebugRVA': 952880,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 1120560,
'ExportSize': 223,
'IATRVA': 950272,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 119392,
'SectionNames': {'.data\x00\x00\x00': 10240,
'.pdata\x00\x00': 67072,
'.rdata\x00\x00': 171008,
'.reloc\x00\x00': 6144,
'.rsrc\x00\x00\x00': 119808,
'.text\x00\x00\x00': 945152},
'StackReserveSize': 1048576,
'filename': './data/malware/61d5ae02ad56f91cecbbb2850b3e32bb8f05195633f1ae78376dd76a832998e1'},
'6207633b1841e8ead389e463a97b622e4fa399b1aa9284feeadfc3474c507231': {'AddressOfEntryPoint': 1073848573,
'DebugRVA': 35008,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 32768,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteValueW',
'COMCTL32.dll': 'InitCommonControlsEx',
'KERNEL32.dll': 'GetCurrentThreadId',
'MSVCR80.dll': '_wcsicmp',
'OLEAUT32.dll': 'SysAllocString',
'USER32.dll': 'GetWindowRect',
'WS2_32.dll': 'WSAStartup'},
'ImportedFunctions': ['?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'_decode_pointer',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'_encode_pointer',
'_fmode',
'_commode',
'__setusermatherr',
'_configthreadlocale',
'_initterm_e',
'_initterm',
'_wcmdln',
'memcpy',
'__CxxFrameHandler3',
'memset',
'vsprintf',
'isdigit',
'toupper',
'_swprintf',
'malloc',
'free',
'swscanf',
'exit',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__wgetmainargs',
'_amsg_exit',
'_purecall',
'_wcsicmp',
'OutputDebugStringA',
'GetLastError',
'lstrcpyW',
'Sleep',
'GetStartupInfoW',
'QueryPerformanceCounter',
'GetTickCount',
'SetLastError',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'WideCharToMultiByte',
'GetProcAddress',
'GetModuleHandleW',
'GetCurrentProcess',
'InitializeCriticalSection',
'EnterCriticalSection',
'LoadLibraryW',
'LeaveCriticalSection',
'FreeLibrary',
'DeleteCriticalSection',
'CloseHandle',
'GetVersionExW',
'GetCurrentThreadId',
'SendMessageW',
'LoadIconW',
'EnableWindow',
'GetParent',
'PostMessageW',
'SetForegroundWindow',
'SetActiveWindow',
'SetWindowPos',
'GetWindowRect',
'CryptGetUserKey',
'CryptDecrypt',
'CryptImportKey',
'CryptDestroyKey',
'CryptEncrypt',
'CryptExportKey',
'CryptGenKey',
'CryptReleaseContext',
'CryptSetProvParam',
'InitializeSecurityDescriptor',
'CryptAcquireContextW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegQueryValueExW',
'RegOpenKeyExW',
'RegCreateKeyExW',
'RegCloseKey',
'RegDeleteValueW',
'InitCommonControlsEx',
'SysAllocString',
'WSACleanup',
'WSAStartup'],
'LinkerVersion': 8,
'NumberOfImportDLL': 8,
'NumberOfImportFunctions': 97,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 48804,
'StackReserveSize': 1048576,
'filename': './data/malware/6207633b1841e8ead389e463a97b622e4fa399b1aa9284feeadfc3474c507231'},
'623737f068a89cd15b608abdf194a1c666d621d0024750fc9c58492444bc9ef7': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 361592,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 361984,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/623737f068a89cd15b608abdf194a1c666d621d0024750fc9c58492444bc9ef7'},
'6262fdf0c20cde4333154d22fafccedb99856c1ab2dd0964c7dbf8892197d68e': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 15208,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 15360,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/6262fdf0c20cde4333154d22fafccedb99856c1ab2dd0964c7dbf8892197d68e'},
'62673b2b94c92523ae07c781f47903913ca28bffe827c49c4eddfddb07fea54f': {'AddressOfEntryPoint': 58560,
'DebugRVA': 63152,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 61440,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegQueryValueExA',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GlobalLock',
'SHELL32.dll': 'ShellExecuteA',
'USER32.dll': 'TrackPopupMenu',
'VERSION.dll': 'VerQueryValueA',
'comdlg32.dll': 'GetSaveFileNameA',
'msvcrt.dll': 'sprintf'},
'ImportedFunctions': ['_initterm',
'__getmainargs',
'_acmdln',
'exit',
'_cexit',
'_exit',
'_c_exit',
'_XcptFilter',
'__C_specific_handler',
'__setusermatherr',
'__dllonexit',
'_mbschr',
'_snprintf',
'_strlwr',
'_mbsicmp',
'_purecall',
'qsort',
'_itoa',
'malloc',
'free',
'memcmp',
'_commode',
'_fmode',
'__set_app_type',
'_onexit',
'strtoul',
'atoi',
'strcmp',
'_memicmp',
'strrchr',
'??2@YAPEAX_K@Z',
'??3@YAXPEAX@Z',
'strchr',
'strlen',
'_stricmp',
'memcpy',
'_strcmpi',
'memset',
'strcpy',
'strcat',
'strncat',
'sprintf',
'ImageList_Create',
'ImageList_SetImageCount',
'CreateToolbarEx',
'ImageList_AddMasked',
'ImageList_ReplaceIcon',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'OpenProcess',
'GetCurrentProcess',
'ExitProcess',
'GetCurrentProcessId',
'ReadProcessMemory',
'DeleteFileA',
'EnumResourceNamesA',
'WritePrivateProfileStringA',
'GetPrivateProfileStringA',
'GetPrivateProfileIntA',
'ExpandEnvironmentStringsA',
'WinExec',
'Sleep',
'GetCurrentThreadId',
'GetStartupInfoA',
'GetProcAddress',
'CloseHandle',
'GetTimeFormatA',
'FileTimeToLocalFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'LoadLibraryA',
'FreeLibrary',
'ReadFile',
'GetTempPathA',
'GetSystemDirectoryA',
'LocalFree',
'lstrcpyA',
'FormatMessageA',
'CreateFileA',
'GetWindowsDirectoryA',
'GetModuleFileNameA',
'GetFileSize',
'GlobalUnlock',
'GetDateFormatA',
'WriteFile',
'GetModuleHandleA',
'LoadLibraryExA',
'lstrlenA',
'GetLastError',
'GlobalAlloc',
'GetTempFileNameA',
'GetFileAttributesA',
'GetVersionExA',
'GlobalLock',
'EnumWindows',
'AttachThreadInput',
'SetForegroundWindow',
'GetWindowThreadProcessId',
'DispatchMessageA',
'IsDialogMessageA',
'DeferWindowPos',
'TranslateMessage',
'BeginDeferWindowPos',
'GetSysColorBrush',
'ShowWindow',
'ChildWindowFromPoint',
'SetCursor',
'LoadCursorA',
'SetDlgItemTextA',
'PostQuitMessage',
'SetWindowTextA',
'SendDlgItemMessageA',
'GetDlgItemInt',
'EndDialog',
'GetDlgItem',
'CreateWindowExA',
'SetDlgItemInt',
'RegisterClassA',
'UpdateWindow',
'GetSystemMetrics',
'GetWindowRect',
'PostMessageA',
'SetMenu',
'LoadAcceleratorsA',
'SetWindowPos',
'DefWindowProcA',
'TranslateAcceleratorA',
'MessageBoxA',
'GetWindowPlacement',
'SendMessageA',
'LoadIconA',
'LoadImageA',
'GetWindowLongA',
'SetWindowLongA',
'SetFocus',
'InvalidateRect',
'GetSubMenu',
'GetMenuStringA',
'GetMenu',
'GetCursorPos',
'MoveWindow',
'GetDC',
'GetSysColor',
'CheckMenuItem',
'SetClipboardData',
'GetClientRect',
'EnableWindow',
'EmptyClipboard',
'MapWindowPoints',
'EnableMenuItem',
'ReleaseDC',
'OpenClipboard',
'GetClassNameA',
'CloseClipboard',
'GetMenuItemCount',
'DestroyWindow',
'GetMenuItemInfoA',
'GetWindowTextA',
'LoadMenuA',
'GetParent',
'ModifyMenuA',
'LoadStringA',
'DialogBoxParamA',
'GetDlgCtrlID',
'DestroyMenu',
'CreateDialogParamA',
'EnumChildWindows',
'DestroyIcon',
'GetMessageA',
'RegisterWindowMessageA',
'GetFocus',
'EndDeferWindowPos',
'TrackPopupMenu',
'GetTextExtentPoint32A',
'SetBkColor',
'GetStockObject',
'GetDeviceCaps',
'SetTextColor',
'CreateFontIndirectA',
'SetBkMode',
'DeleteObject',
'FindTextA',
'GetSaveFileNameA',
'RegDeleteKeyA',
'RegEnumKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'RegSetValueExA',
'RegCloseKey',
'RegQueryValueExA',
'ExtractIconExA',
'ShellExecuteA'],
'LinkerVersion': 8,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 194,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 11312,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 2560,
'.rdata\x00\x00': 13312,
'.rsrc\x00\x00\x00': 11776,
'.text\x00\x00\x00': 55808},
'StackReserveSize': 1048576,
'filename': './data/malware/62673b2b94c92523ae07c781f47903913ca28bffe827c49c4eddfddb07fea54f'},
'62f51d2196485408045ac008b1c6020e10f57cbf61ded71c0b346af2e869ee23': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 487236,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 487424,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/62f51d2196485408045ac008b1c6020e10f57cbf61ded71c0b346af2e869ee23'},
'6334f6cd2af17fec522fe6443f05acecd002e5f52c86e516aa5b54fcfcebd170': {'AddressOfEntryPoint': 49160,
'DebugRVA': 36976,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 36864,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NTOSKRNL.exe': 'KeBugCheckEx',
'storport.sys': 'StorPortNotification'},
'ImportedFunctions': ['StorPortGetScatterGatherList',
'StorPortGetDeviceBase',
'StorPortLogError',
'StorPortSetBusDataByOffset',
'StorPortGetBusData',
'StorPortGetPhysicalAddress',
'StorPortInitialize',
'StorPortCompleteRequest',
'StorPortGetUncachedExtension',
'StorPortStallExecution',
'StorPortNotification',
'KeBugCheckEx'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 12,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 31232,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/6334f6cd2af17fec522fe6443f05acecd002e5f52c86e516aa5b54fcfcebd170'},
'638d8b4c817622aa1020c2e89d068d43fe8efaed37339ee2fd5713579c2041eb': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 502700,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 502784,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/638d8b4c817622aa1020c2e89d068d43fe8efaed37339ee2fd5713579c2041eb'},
'639528ba0d2f206cdcf4df6f4aa9c533c899726435c21c67a8398ae989361649': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 591032,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 591360,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/639528ba0d2f206cdcf4df6f4aa9c533c899726435c21c67a8398ae989361649'},
'63ce11e3c93db194fbd2bb199f440fb0f262ba519deabc922a3bb4fc66ceadff': {'AddressOfEntryPoint': 121744,
'DebugRVA': 95104,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 94208,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'CLASSPNP.SYS': 'ClassFindModePage',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['IoSetDeviceInterfaceState',
'RtlInitUnicodeString',
'IoDeleteDevice',
'KeSetEvent',
'IoFreeWorkItem',
'KeInitializeEvent',
'RtlInitAnsiString',
'PoRequestPowerIrp',
'KeEnterCriticalRegion',
'PoSetPowerState',
'RtlFreeUnicodeString',
'wcsstr',
'ZwQueryValueKey',
'IoAllocateWorkItem',
'ZwClose',
'KeWaitForSingleObject',
'IoFreeIrp',
'IoAttachDeviceToDeviceStack',
'PoCallDriver',
'IoQueueWorkItem',
'IoGetDeviceProperty',
'ObReferenceObjectByPointer',
'IoInvalidateDeviceState',
'ZwOpenKey',
'NlsMbCodePageTag',
'IoInitializeTimer',
'IoSetHardErrorOrVerifyDevice',
'IoStartTimer',
'IoIs32bitProcess',
'IoInvalidateDeviceRelations',
'IoFreeMdl',
'RtlxAnsiStringToUnicodeSize',
'IoStopTimer',
'MmProbeAndLockPages',
'IoRegisterDeviceInterface',
'KeResetEvent',
'IoBuildSynchronousFsdRequest',
'ExpInterlockedPopEntrySList',
'MmMapLockedPagesSpecifyCache',
'RtlCompareMemory',
'ObfReferenceObject',
'IoAcquireRemoveLockEx',
'IoGetConfigurationInformation',
'IoBuildDeviceIoControlRequest',
'ZwCreateKey',
'IoDeleteSymbolicLink',
'IoAllocateDriverObjectExtension',
'RtlIntegerToUnicodeString',
'ZwCreateDirectoryObject',
'ZwSetValueKey',
'IoDetachDevice',
'MmUnmapIoSpace',
'IoGetDeviceObjectPointer',
'MmMapIoSpace',
'RtlAppendUnicodeStringToString',
'IofCompleteRequest',
'IoReleaseRemoveLockAndWaitEx',
'IoIsWdmVersionAvailable',
'IoCreateSymbolicLink',
'IoInitializeRemoveLockEx',
'IoCreateDevice',
'IoGetDriverObjectExtension',
'KeClearEvent',
'PsCreateSystemThread',
'ExInterlockedInsertTailList',
'PsTerminateSystemThread',
'ObReferenceObjectByHandle',
'KeBugCheckEx',
'RtlAnsiStringToUnicodeString',
'KeLeaveCriticalRegion',
'KeAcquireSpinLockRaiseToDpc',
'IofCallDriver',
'IoAllocateMdl',
'IoReleaseCancelSpinLock',
'ObfDereferenceObject',
'RtlCopyUnicodeString',
'ExInterlockedRemoveHeadList',
'IoAllocateIrp',
'IoGetAttachedDeviceReference',
'ExQueryDepthSList',
'PoStartNextPowerIrp',
'MmBuildMdlForNonPagedPool',
'KeReleaseSpinLock',
'ExpInterlockedPushEntrySList',
'PoRegisterDeviceForIdleDetection',
'ExFreePoolWithTag',
'ExAllocatePoolWithTag',
'MmUnlockPages',
'DbgPrint',
'RtlUnicodeToMultiByteN',
'__C_specific_handler',
'ClassInitializeSrbLookasideList',
'ClassClaimDevice',
'ClassDeviceControl',
'ClassSendDeviceIoControlSynchronous',
'ClassReadDriveCapacity',
'ClassCreateDeviceObject',
'ClassQueryTimeOutRegistryValue',
'ClassAcquireRemoveLockEx',
'ClassDeleteSrbLookasideList',
'ClassRemoveDevice',
'ClassReleaseRemoveLock',
'ClassCompleteRequest',
'ClassSendSrbSynchronous',
'ClassAsynchronousCompletion',
'ClassInitialize',
'ClassSendIrpSynchronous',
'ClassIoComplete',
'ClassFindModePage'],
'LinkerVersion': 10,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 109,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 3584,
'.rdata\x00\x00': 6144,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 90112,
'DUMPDATA': 26112,
'INIT\x00\x00\x00\x00': 6656,
'PAGE\x00\x00\x00\x00': 5120},
'StackReserveSize': 262144,
'filename': './data/malware/63ce11e3c93db194fbd2bb199f440fb0f262ba519deabc922a3bb4fc66ceadff'},
'642a03a55e04e2ec6da2f8a8df0a2f8b63c0f35f7ac021eb0a4fa1e92a6f601c': {'AddressOfEntryPoint': 35116,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/642a03a55e04e2ec6da2f8a8df0a2f8b63c0f35f7ac021eb0a4fa1e92a6f601c'},
'64ed0e533d82e680dc32f4d593bbc63f97bcc171f8d4d43b43366e2cc6d6d826': {'AddressOfEntryPoint': 477410,
'DebugRVA': 162144,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 159744,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'CryptAcquireContextA',
'CRYPT32.dll': 'CertCloseStore',
'GDI32.dll': 'SetBkMode',
'KERNEL32.dll': 'GlobalHandle',
'OLEAUT32.dll': 'SysFreeString',
'SHELL32.dll': 'ShellExecuteA',
'USER32.dll': 'EndPaint',
'VERSION.dll': 'GetFileVersionInfoA',
'WININET.dll': 'InternetErrorDlg',
'WINTRUST.dll': 'WinVerifyTrust',
'ole32.dll': 'CoTaskMemFree',
'urlmon.dll': 'URLDownloadToFileA'},
'ImportedFunctions': ['RegCloseKey',
'RegSetValueExA',
'RegCreateKeyExA',
'RegDeleteValueA',
'RegOpenKeyExA',
'SetSecurityDescriptorDacl',
'InitializeSecurityDescriptor',
'RegQueryValueExA',
'RegDeleteKeyA',
'RegEnumKeyA',
'RegQueryInfoKeyA',
'CryptDestroyHash',
'CryptGetHashParam',
'CryptHashData',
'CryptReleaseContext',
'CryptCreateHash',
'CryptAcquireContextA',
'CertGetNameStringW',
'CertFindCertificateInStore',
'CryptMsgGetParam',
'CryptQueryObject',
'CryptMsgClose',
'CertCloseStore',
'VerQueryValueA',
'GetFileVersionInfoA',
'wsprintfA',
'GetDesktopWindow',
'MsgWaitForMultipleObjects',
'PeekMessageA',
'DispatchMessageA',
'TranslateMessage',
'SetWindowLongPtrA',
'DefWindowProcA',
'GetSysColor',
'DestroyWindow',
'GetWindowRect',
'PtInRect',
'SetCursor',
'GetDlgCtrlID',
'LoadBitmapA',
'EnableWindow',
'EndDialog',
'CharNextA',
'RegisterClassA',
'ShowWindow',
'PostQuitMessage',
'LoadStringA',
'AppendMenuA',
'GetCursorPos',
'SetForegroundWindow',
'CallWindowProcA',
'GetWindowLongPtrA',
'GetWindowLongA',
'SetWindowLongA',
'SetWindowPos',
'GetClientRect',
'GetDC',
'ReleaseDC',
'InvalidateRect',
'InvalidateRgn',
'RedrawWindow',
'SetCapture',
'IsChild',
'GetParent',
'GetDlgItem',
'GetClassNameA',
'SetFocus',
'GetWindow',
'GetFocus',
'MessageBoxA',
'CreatePopupMenu',
'TrackPopupMenu',
'PostMessageA',
'GetSystemMetrics',
'LoadImageA',
'DialogBoxIndirectParamA',
'RegisterWindowMessageA',
'GetWindowTextLengthA',
'GetWindowTextA',
'SetWindowTextA',
'CreateAcceleratorTableA',
'CreateWindowExA',
'GetClassInfoExA',
'LoadCursorA',
'RegisterClassExA',
'IsWindow',
'SendMessageA',
'ReleaseCapture',
'BeginPaint',
'FillRect',
'EndPaint',
'StretchBlt',
'SetTextColor',
'SaveDC',
'SetGraphicsMode',
'ModifyWorldTransform',
'SetViewportOrgEx',
'SetWindowOrgEx',
'DPtoLP',
'CreateFontIndirectA',
'RestoreDC',
'GetStockObject',
'GetObjectA',
'CreateSolidBrush',
'DeleteObject',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'BitBlt',
'DeleteDC',
'GetDeviceCaps',
'SetBkMode',
'WinVerifyTrust',
'HttpAddRequestHeadersA',
'InternetTimeFromSystemTime',
'InternetTimeToSystemTime',
'InternetReadFile',
'InternetGetConnectedState',
'InternetOpenA',
'InternetCrackUrlA',
'InternetConnectA',
'HttpOpenRequestA',
'HttpSendRequestA',
'HttpQueryInfoA',
'InternetCloseHandle',
'InternetErrorDlg',
'URLDownloadToFileA',
'Shell_NotifyIconA',
'ShellExecuteA',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetModuleFileNameA',
'GetStdHandle',
'ExitProcess',
'CompareStringW',
'GetOEMCP',
'GetACP',
'GetTimeZoneInformation',
'HeapCreate',
'HeapSetInformation',
'TlsGetValue',
'TlsSetValue',
'TlsFree',
'SetEnvironmentVariableA',
'GetStartupInfoA',
'RtlPcToFileHeader',
'HeapAlloc',
'HeapFree',
'RtlUnwindEx',
'InterlockedPopEntrySList',
'VirtualAlloc',
'VirtualFree',
'InterlockedPushEntrySList',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'QueryPerformanceCounter',
'GetThreadLocale',
'CreatePipe',
'SetHandleInformation',
'ReadFile',
'GetCurrentProcessId',
'GetTickCount',
'IsBadReadPtr',
'IsBadWritePtr',
'IsBadCodePtr',
'HeapReAlloc',
'LCMapStringA',
'LCMapStringW',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'SetStdHandle',
'VirtualProtect',
'VirtualQuery',
'FlushFileBuffers',
'GetProcessHeap',
'CompareStringA',
'TlsAlloc',
'GetCPInfo',
'SystemTimeToTzSpecificLocalTime',
'LocalFree',
'GetEnvironmentVariableA',
'GetTempPathA',
'GetSystemInfo',
'LoadLibraryA',
'FreeLibrary',
'OpenEventA',
'GetModuleHandleA',
'GetProcAddress',
'GetVersionExA',
'GetSystemTime',
'lstrcpynA',
'CreateEventA',
'CreateThread',
'ResetEvent',
'WaitForMultipleObjects',
'SetEvent',
'FindResourceA',
'LoadResource',
'LockResource',
'__C_specific_handler',
'DeleteCriticalSection',
'InitializeCriticalSection',
'HeapDestroy',
'CloseHandle',
'GetLastError',
'CreateMutexA',
'lstrcmpiA',
'GetCommandLineA',
'lstrlenA',
'lstrcmpA',
'MultiByteToWideChar',
'WideCharToMultiByte',
'FlushInstructionCache',
'GetCurrentProcess',
'RaiseException',
'WriteFile',
'WaitForSingleObject',
'SetEndOfFile',
'SetFilePointer',
'CompareFileTime',
'SystemTimeToFileTime',
'Sleep',
'FileTimeToSystemTime',
'GetFileTime',
'GetFileSize',
'CreateFileA',
'lstrcatA',
'lstrcpyA',
'LeaveCriticalSection',
'EnterCriticalSection',
'GetCurrentThreadId',
'GlobalAlloc',
'lstrlenW',
'GetExitCodeProcess',
'CreateProcessA',
'DeleteFileA',
'FormatMessageA',
'SetLastError',
'GlobalUnlock',
'GlobalLock',
'FreeResource',
'GlobalFree',
'GlobalHandle',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'CoInitializeSecurity',
'StringFromCLSID',
'CLSIDFromProgID',
'CLSIDFromString',
'CoTaskMemAlloc',
'OleLockRunning',
'CreateStreamOnHGlobal',
'OleInitialize',
'OleUninitialize',
'CoTaskMemFree',
'LoadRegTypeLib',
'VariantClear',
'SysStringLen',
'SysAllocStringLen',
'SysAllocString',
'SysFreeString'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 272,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 208456,
'SectionNames': {'.data\x00\x00\x00': 8704,
'.pdata\x00\x00': 9728,
'.rdata\x00\x00': 49152,
'.rsrc\x00\x00\x00': 236544,
'.text\x00\x00\x00': 154624,
'dwplybt\x00': 0},
'StackReserveSize': 1048576,
'filename': './data/malware/64ed0e533d82e680dc32f4d593bbc63f97bcc171f8d4d43b43366e2cc6d6d826'},
'652cac5fedbc07221da48a735868fb33b55e11496c2d31816c99b1d8a8d86a39': {'AddressOfEntryPoint': 61916,
'DebugRVA': 65680,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'storport.sys': 'StorPortSetDeviceQueueDepth'},
'ImportedFunctions': ['StorPortDebugPrint',
'StorPortNotification',
'StorPortGetBusData',
'StorPortGetScatterGatherList',
'StorPortInitialize',
'StorPortGetUncachedExtension',
'StorPortExtendedFunction',
'StorPortQuerySystemTime',
'StorPortStallExecution',
'StorPortGetPhysicalAddress',
'StorPortFreeRegistryBuffer',
'StorPortGetDeviceBase',
'StorPortAllocateRegistryBuffer',
'StorPortRegistryRead',
'StorPortDeviceBusy',
'StorPortSetDeviceQueueDepth'],
'LinkerVersion': 10,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 16,
'NumberOfSections': 7,
'OSVersion': 6,
'ResSize': 1040,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 2560,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 60416,
'INIT\x00\x00\x00\x00': 1024},
'StackReserveSize': 262144,
'filename': './data/malware/652cac5fedbc07221da48a735868fb33b55e11496c2d31816c99b1d8a8d86a39'},
'6592df07e6f9c9b818e7c9b45331f5ca79e60ef5977d2b3ab19bac23f585740e': {'AddressOfEntryPoint': 34908,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 65536,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenProcessToken',
'KERNEL32.dll': 'GetStringTypeW',
'PSAPI.DLL': 'EnumProcessModules'},
'ImportedFunctions': ['GetModuleFileNameExW',
'EnumProcesses',
'EnumProcessModules',
'Sleep',
'OpenProcess',
'GetExitCodeProcess',
'TerminateProcess',
'CloseHandle',
'LoadLibraryW',
'GetProcAddress',
'FreeLibrary',
'GetLastError',
'CreateFileW',
'CreateThread',
'GetCurrentProcess',
'SetPriorityClass',
'SetThreadPriority',
'lstrcpyW',
'GetLongPathNameW',
'CreateProcessW',
'GetModuleFileNameW',
'RtlUnwindEx',
'EncodePointer',
'DecodePointer',
'GetCommandLineW',
'RaiseException',
'RtlPcToFileHeader',
'HeapFree',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'HeapAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'WriteFile',
'GetStdHandle',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapReAlloc',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'WideCharToMultiByte',
'LCMapStringW',
'MultiByteToWideChar',
'GetStringTypeW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken'],
'LinkerVersion': 10,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 74,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 436,
'SectionNames': {'.data\x00\x00\x00': 4608,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 18432,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 512,
'.text\x00\x00\x00': 58880},
'StackReserveSize': 1048576,
'filename': './data/malware/6592df07e6f9c9b818e7c9b45331f5ca79e60ef5977d2b3ab19bac23f585740e'},
'6647101d7f42fd62225439f1065f0214acfffb3adb2f152cd4aab4539ad5f10d': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/6647101d7f42fd62225439f1065f0214acfffb3adb2f152cd4aab4539ad5f10d'},
'66732ae7086ac646b223a5244af6a89f3ec25061d9f3d401a6111dbe5f4dd7b3': {'AddressOfEntryPoint': 484736,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 585728,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegOpenKeyExW',
'COMCTL32.dll': 'ImageList_Remove',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetCancelConnection2W',
'OLEAUT32.dll': 'GetActiveObject',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'SetKeyboardState',
'VERSION.dll': 'VerQueryValueW',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'listen',
'comdlg32.dll': 'GetOpenFileNameW',
'ole32.dll': 'CoTaskMemFree'},
'ImportedFunctions': ['__WSAFDIsSet',
'recv',
'send',
'socket',
'connect',
'closesocket',
'bind',
'select',
'accept',
'htons',
'sendto',
'recvfrom',
'ntohs',
'WSAGetLastError',
'ioctlsocket',
'WSACleanup',
'inet_addr',
'gethostbyname',
'WSAStartup',
'gethostname',
'listen',
'GetFileVersionInfoSizeW',
'GetFileVersionInfoW',
'VerQueryValueW',
'waveOutSetVolume',
'timeGetTime',
'mciSendStringW',
'ImageList_DragEnter',
'ImageList_BeginDrag',
'ImageList_SetDragCursorImage',
'ImageList_DragMove',
'ImageList_EndDrag',
'ImageList_DragLeave',
'ImageList_Destroy',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Remove',
'WNetUseConnectionW',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetCancelConnection2W',
'QueryPerformanceFrequency',
'UnmapViewOfFile',
'OpenProcess',
'CreateFileMappingW',
'MapViewOfFile',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'ReadFile',
'SetFilePointer',
'OutputDebugStringW',
'CreateDirectoryW',
'RemoveDirectoryW',
'TerminateProcess',
'SetSystemPowerState',
'SetFileTime',
'FindResourceW',
'GetFileAttributesW',
'LoadResource',
'FindFirstFileW',
'LockResource',
'FindClose',
'SizeofResource',
'EnumResourceNamesW',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'GetLocalTime',
'MultiByteToWideChar',
'WideCharToMultiByte',
'CompareStringW',
'WriteFile',
'CreatePipe',
'GetStdHandle',
'EnterCriticalSection',
'TerminateThread',
'LeaveCriticalSection',
'DeleteCriticalSection',
'GetTempPathW',
'GetTempFileNameW',
'FormatMessageW',
'GetExitCodeProcess',
'VirtualFree',
'GetDriveTypeW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'DeviceIoControl',
'SetErrorMode',
'QueryPerformanceCounter',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'SetFileAttributesW',
'GetPrivateProfileSectionNamesW',
'GetShortPathNameW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GlobalAlloc',
'SetProcessWorkingSetSize',
'GlobalMemoryStatus',
'Beep',
'GetEnvironmentVariableW',
'GetFileSize',
'SetEnvironmentVariableW',
'GlobalFree',
'GlobalLock',
'GlobalUnlock',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'CreateProcessW',
'SetPriorityClass',
'VirtualAlloc',
'LoadLibraryExW',
'GetStartupInfoW',
'GetVersionExA',
'ResumeThread',
'GetSystemTimeAsFileTime',
'ExitThread',
'ExitProcess',
'GetModuleHandleA',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'TlsSetValue',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlCaptureContext',
'RaiseException',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'RtlUnwindEx',
'HeapSize',
'HeapSetInformation',
'HeapCreate',
'GetConsoleCP',
'GetConsoleMode',
'SetHandleCount',
'GetModuleHandleW',
'GetSystemInfo',
'GetVersionExW',
'GetCurrentThreadId',
'Sleep',
'HeapFree',
'CloseHandle',
'GetCurrentProcess',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'HeapAlloc',
'GetLastError',
'GetProcessHeap',
'LoadLibraryA',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetFileType',
'GetStartupInfoA',
'FlushFileBuffers',
'GetCurrentDirectoryW',
'FreeLibrary',
'InitializeCriticalSection',
'GetProcAddress',
'LoadLibraryW',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'SetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetTimeZoneInformation',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineA',
'GetCommandLineW',
'GetTickCount',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'HeapReAlloc',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'SetEndOfFile',
'CompareStringA',
'GetPrivateProfileStringW',
'SetEnvironmentVariableA',
'PtInRect',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowTextLengthW',
'GetWindowDC',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSystemMetrics',
'SetWindowLongPtrW',
'CreateMenu',
'GetSysColor',
'IsDlgButtonChecked',
'GetActiveWindow',
'InflateRect',
'CharNextW',
'DrawFocusRect',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'CountClipboardFormats',
'CharLowerBuffW',
'UnregisterHotKey',
'GetMessageW',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'TrackPopupMenuEx',
'FillRect',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'SystemParametersInfoW',
'IsCharLowerW',
'GetKeyState',
'keybd_event',
'GetCursor',
'GetKeyboardLayoutNameA',
'GetAsyncKeyState',
'CharUpperW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'DestroyWindow',
'GetMenu',
'GetClientRect',
'EndPaint',
'CopyRect',
'BeginPaint',
'EnumWindows',
'GetDesktopWindow',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'EnumChildWindows',
'CharUpperBuffW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'DrawFrameControl',
'FrameRect',
'RedrawWindow',
'DrawTextW',
'wsprintfW',
'FlashWindow',
'SetWindowLongW',
'GetWindowLongW',
'IsZoomed',
'GetCaretPos',
'GetSubMenu',
'GetCursorPos',
'GetMenuStringW',
'SendMessageTimeoutW',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'MessageBoxW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'IsCharUpperW',
'GetKeyboardLayoutNameW',
'SetWindowPos',
'CopyImage',
'CloseClipboard',
'GetClipboardData',
'IsClipboardFormatAvailable',
'OpenClipboard',
'AdjustWindowRectEx',
'SetRect',
'ClientToScreen',
'RegisterHotKey',
'GetKeyboardState',
'ReleaseDC',
'MessageBoxA',
'RegisterWindowMessageW',
'DestroyIcon',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'GetDC',
'WindowFromPoint',
'SetClipboardData',
'VkKeyScanA',
'EmptyClipboard',
'SetKeyboardState',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CloseFigure',
'SetPixel',
'EndPath',
'StrokePath',
'StrokeAndFillPath',
'ExtCreatePen',
'PolyBezierTo',
'SetViewportOrgEx',
'Rectangle',
'GetObjectW',
'SetBkMode',
'CreateDCW',
'CreateCompatibleBitmap',
'GetPixel',
'DeleteDC',
'GetDIBits',
'BitBlt',
'SelectObject',
'CreateDIBSection',
'CreateCompatibleDC',
'CreateFontW',
'GetDeviceCaps',
'GetTextFaceW',
'GetStockObject',
'GetTextExtentPoint32W',
'DeleteObject',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'AdjustTokenPrivileges',
'LookupPrivilegeValueW',
'OpenProcessToken',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'DragQueryPoint',
'ShellExecuteExW',
'DragQueryFileW',
'SHBrowseForFolderW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'SHFileOperationW',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'IIDFromString',
'StringFromIID',
'CLSIDFromString',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'StringFromCLSID',
'OleUninitialize',
'CoTaskMemAlloc',
'CoTaskMemFree',
'LoadRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayDestroyData',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VarR8FromDec',
'VariantTimeToSystemTime',
'VariantClear',
'VariantCopy',
'VariantInit',
'GetActiveObject'],
'LinkerVersion': 8,
'NumberOfImportDLL': 13,
'NumberOfImportFunctions': 459,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 48816,
'SectionNames': {'.data\x00\x00\x00': 16896,
'.pdata\x00\x00': 19456,
'.rdata\x00\x00': 81920,
'.rsrc\x00\x00\x00': 49152,
'.text\x00\x00\x00': 580096},
'StackReserveSize': 4194304,
'filename': './data/malware/66732ae7086ac646b223a5244af6a89f3ec25061d9f3d401a6111dbe5f4dd7b3'},
'66c6327c3e1c5f001fb61984b80e58fe9c34f243744f3a8752429bad518f8749': {'AddressOfEntryPoint': 7792,
'DebugRVA': 45664,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 45056,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'MD5Init',
'KERNEL32.dll': 'GetProcessHeap',
'WS2_32.dll': 'WSAStartup',
'ntdll.dll': 'memcpy'},
'ImportedFunctions': ['sprintf',
'RtlStringFromGUID',
'RtlInitUnicodeString',
'ZwCreateKey',
'ZwWriteFile',
'wcstoul',
'ZwQueryVolumeInformationFile',
'RtlTimeToSecondsSince1970',
'RtlNtStatusToDosError',
'ZwCreateFile',
'LdrAccessResource',
'LdrFindResource_U',
'RtlFreeUnicodeString',
'ZwResumeThread',
'ZwWriteVirtualMemory',
'ZwProtectVirtualMemory',
'ZwSetInformationFile',
'ZwWaitForSingleObject',
'ZwGetContextThread',
'RtlExitUserThread',
'RtlCreateUserThread',
'ZwDuplicateObject',
'ZwOpenFile',
'RtlDosPathNameToNtPathName_U',
'ZwClose',
'RtlAdjustPrivilege',
'ZwImpersonateThread',
'ZwOpenThread',
'ZwOpenProcess',
'ZwQuerySystemInformation',
'RtlIpv4AddressToStringA',
'ZwOpenKey',
'ZwQueryValueKey',
'RtlIpv4StringToAddressExW',
'_wtoi64',
'wcschr',
'ZwQueueApcThread',
'ZwAllocateVirtualMemory',
'RtlEqualUnicodeString',
'ZwOpenEvent',
'ZwSetContextThread',
'ZwQueryInformationFile',
'ZwSetValueKey',
'LdrFindEntryForAddress',
'__chkstk',
'memcpy',
'GetSystemDefaultLangID',
'GetSystemTimeAsFileTime',
'GetLastError',
'BindIoCompletionCallback',
'HeapAlloc',
'GetVersion',
'Sleep',
'GetCommandLineW',
'LoadLibraryExW',
'ExitProcess',
'VirtualFree',
'VirtualAlloc',
'GetModuleHandleW',
'HeapFree',
'GetProcessHeap',
'MD5Final',
'MD5Update',
'MD5Init',
'WSASend',
'WSARecv',
'WSAIoctl',
'bind',
'closesocket',
'WSAGetLastError',
'WSASocketW',
'WSAStartup'],
'LinkerVersion': 9,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 72,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 2560,
'SectionNames': {'.data\x00\x00\x00': 1024,
'.pdata\x00\x00': 1024,
'.rdata\x00\x00': 5632,
'.rsrc\x00\x00\x00': 2560,
'.text\x00\x00\x00': 40960},
'StackReserveSize': 1048576,
'filename': './data/malware/66c6327c3e1c5f001fb61984b80e58fe9c34f243744f3a8752429bad518f8749'},
'67085c902c65567e81845fa9d162bff568bdcd59df67bfe1dd90dd6bf8ea0ba5': {'AddressOfEntryPoint': 4416,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'CreateProcessA',
'SHLWAPI.dll': 'PathFileExistsA',
'USER32.dll': 'wvsprintfA',
'imagehlp.dll': 'CheckSumMappedFile'},
'ImportedFunctions': ['CheckSumMappedFile',
'PathFileExistsA',
'HeapAlloc',
'GetProcessHeap',
'lstrlenA',
'GetCommandLineA',
'ExitProcess',
'UnmapViewOfFile',
'IsBadReadPtr',
'CloseHandle',
'MapViewOfFile',
'CreateFileMappingA',
'GetFileSize',
'CreateFileA',
'DeleteFileA',
'CopyFileA',
'MoveFileExA',
'GetTempFileNameA',
'GetModuleFileNameA',
'GetLastError',
'WaitForSingleObject',
'lstrcpyA',
'WriteFile',
'ReadFile',
'SetFilePointer',
'lstrcatA',
'GetWindowsDirectoryA',
'GetVersion',
'HeapFree',
'ReadConsoleA',
'GetStdHandle',
'WriteConsoleA',
'CreateProcessA',
'wsprintfA',
'wvsprintfA',
'RegSetValueExA',
'RegOpenKeyA',
'RegQueryValueExA',
'RegCloseKey'],
'LinkerVersion': 8,
'NumberOfImportDLL': 5,
'NumberOfImportFunctions': 39,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 1592,
'SectionNames': {'.data\x00\x00\x00': 0,
'.pdata\x00\x00': 512,
'.rdata\x00\x00': 3584,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 4096},
'StackReserveSize': 1048576,
'filename': './data/malware/67085c902c65567e81845fa9d162bff568bdcd59df67bfe1dd90dd6bf8ea0ba5'},
'6744cee15755896a14f23ecad9f789932097f61f3af9e863cd9563818bd52f3c': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/6744cee15755896a14f23ecad9f789932097f61f3af9e863cd9563818bd52f3c'},
'679185dfe9116ec51311577155282272f97eff304d230e6d087b5fa4f83b1ddf': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 1413500,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1413632,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/679185dfe9116ec51311577155282272f97eff304d230e6d087b5fa4f83b1ddf'},
'67afdd03734db788bb2e027f60b5e4f341a644db5fce057fe16fb6994ff0e460': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 512988,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 513024,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/67afdd03734db788bb2e027f60b5e4f341a644db5fce057fe16fb6994ff0e460'},
'68142e058d6123c0e2e6a623189eb5d7ccfe59dae52dca751db5c5600d31e446': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 440012,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 440320,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/68142e058d6123c0e2e6a623189eb5d7ccfe59dae52dca751db5c5600d31e446'},
'68a48964f3f010ebee03d061919bb25ac8b39cdabaa0e8f854306e7a607a60f4': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 159180,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 159232,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/68a48964f3f010ebee03d061919bb25ac8b39cdabaa0e8f854306e7a607a60f4'},
'68ba25079b1394986f7208d6dabc272ae35d6578b9525d7470fe9560159ff943': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 189700,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 189952,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/68ba25079b1394986f7208d6dabc272ae35d6578b9525d7470fe9560159ff943'},
'68d003ae15085663b50f6fccd4df7cad70798bcc61b5f30ef670c2fbbb4084dc': {'AddressOfEntryPoint': 1074646353,
'DebugRVA': 7344,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegDeleteKeyW',
'COMCTL32.dll': 'ImageList_ReplaceIcon',
'COMDLG32.dll': 'GetSaveFileNameW',
'CRYPT32.dll': 'CertFreeCertificateContext',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'UnmapViewOfFile',
'OLEAUT32.dll': 'SysFreeString',
'SETUPAPI.dll': 'SetupCloseFileQueue',
'SHELL32.dll': 'CommandLineToArgvW',
'USER32.dll': 'DrawTextExW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WINTRUST.dll': 'WinVerifyTrust',
'msvcrt.dll': 'memcmp',
'ntdll.dll': 'RtlCaptureContext',
'ole32.dll': 'CoInitialize'},
'ImportedFunctions': ['RegOpenKeyExW',
'RegQueryValueExW',
'RegCloseKey',
'OpenProcessToken',
'GetTokenInformation',
'AllocateAndInitializeSid',
'EqualSid',
'FreeSid',
'IsTextUnicode',
'GetLengthSid',
'InitializeAcl',
'AddAccessAllowedAce',
'InitializeSecurityDescriptor',
'SetSecurityDescriptorDacl',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'SetEntriesInAclW',
'OpenServiceW',
'OpenSCManagerW',
'QueryServiceStatus',
'DeleteService',
'CloseServiceHandle',
'ControlService',
'StartServiceW',
'RegDeleteValueW',
'CheckTokenMembership',
'RegCreateKeyExW',
'RegSetValueExW',
'RegDeleteKeyW',
'SetFilePointer',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'CreateMutexW',
'GetConsoleMode',
'SetConsoleMode',
'GetConsoleScreenBufferInfo',
'ReadConsoleOutputW',
'FillConsoleOutputCharacterW',
'SetConsoleCursorPosition',
'ReleaseMutex',
'FreeLibrary',
'WriteConsoleOutputW',
'WriteConsoleW',
'LoadLibraryW',
'GetProcAddress',
'GetStdHandle',
'IsValidLocale',
'VirtualProtect',
'Sleep',
'GetFileAttributesW',
'DeleteFileW',
'FindClose',
'FindNextFileW',
'RaiseException',
'lstrcmpiW',
'lstrcmpW',
'FindFirstFileW',
'CopyFileW',
'lstrlenW',
'SetFileAttributesW',
'FormatMessageW',
'GetTempFileNameW',
'MapViewOfFile',
'FreeConsole',
'CreateFileMappingW',
'GetFileSize',
'WaitForMultipleObjects',
'CreateEventW',
'SetEvent',
'SetEndOfFile',
'LocalReAlloc',
'DeviceIoControl',
'GetSystemDirectoryW',
'VerifyVersionInfoW',
'VerSetConditionMask',
'GetShortPathNameW',
'RemoveDirectoryW',
'MoveFileExW',
'CreateDirectoryW',
'GetModuleFileNameW',
'GetFullPathNameW',
'GetCurrentDirectoryW',
'GetSystemWindowsDirectoryW',
'GetSystemDefaultUILanguage',
'SearchPathW',
'SetLastError',
'GetLocaleInfoW',
'LoadLibraryExW',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'OutputDebugStringA',
'GetStartupInfoW',
'GetEnvironmentVariableW',
'CompareStringW',
'GetVersionExA',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'HeapSize',
'HeapReAlloc',
'HeapDestroy',
'CreateThread',
'SetThreadLocale',
'GetThreadLocale',
'WriteFile',
'CreateFileW',
'LocalFree',
'FindResourceW',
'GlobalFree',
'SetCurrentDirectoryW',
'LocalAlloc',
'GetUserDefaultUILanguage',
'EnumResourceLanguagesW',
'GetCurrentProcess',
'GetLastError',
'MultiByteToWideChar',
'GetVersionExW',
'GetCommandLineW',
'CloseHandle',
'GetLocalTime',
'FindResourceExW',
'GetExitCodeProcess',
'WaitForSingleObject',
'LoadResource',
'LockResource',
'SizeofResource',
'GetWindowsDirectoryW',
'UnmapViewOfFile',
'SelectObject',
'CreateBitmap',
'CreateCompatibleBitmap',
'GetObjectW',
'DeleteDC',
'SetLayout',
'CreateCompatibleDC',
'EndPage',
'StartPage',
'EndDoc',
'StartDocW',
'GetTextMetricsW',
'CreateFontIndirectW',
'DeleteObject',
'GetDeviceCaps',
'MessageBoxW',
'CreateIconIndirect',
'DrawIconEx',
'GetIconInfo',
'LoadIconW',
'LoadBitmapW',
'PostQuitMessage',
'SendMessageW',
'CharPrevW',
'CharLowerW',
'UnregisterClassA',
'DefWindowProcW',
'EndDialog',
'RegisterClassExW',
'CreateWindowExW',
'ShowWindow',
'AllowSetForegroundWindow',
'DialogBoxParamW',
'GetProcessWindowStation',
'GetUserObjectInformationW',
'GetDlgItem',
'DestroyIcon',
'ReleaseDC',
'InvalidateRect',
'SetWindowTextW',
'SetDlgItemTextW',
'PostMessageW',
'GetParent',
'GetSystemMetrics',
'GetSysColor',
'IsDlgButtonChecked',
'CheckDlgButton',
'SetFocus',
'CallWindowProcW',
'DestroyWindow',
'GetWindowLongPtrW',
'SetWindowLongW',
'SetWindowLongPtrW',
'SystemParametersInfoW',
'SendDlgItemMessageW',
'LoadImageW',
'GetDC',
'DrawTextExW',
'_resetstkoflw',
'__C_specific_handler',
'memset',
'_wcsupr',
'_wcslwr',
'_errno',
'__CxxFrameHandler',
'fread',
'feof',
'realloc',
'fclose',
'_wfopen',
'??2@YAPEAX_K@Z',
'wcsstr',
'_wcsicmp',
'_wtol',
'_vscwprintf',
'free',
'malloc',
'??_V@YAXPEAX@Z',
'??3@YAXPEAX@Z',
'__wgetmainargs',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'??1type_info@@UEAA@XZ',
'memcpy',
'memmove',
'_CxxThrowException',
'mbtowc',
'__mb_cur_max',
'isleadbyte',
'_iob',
'_snprintf',
'ferror',
'__badioinfo',
'__pioinfo',
'_fileno',
'_lseeki64',
'_write',
'_wcsnicmp',
'_vsnwprintf',
'wcsncmp',
'bsearch',
'?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z',
'iswalpha',
'??_U@YAPEAX_K@Z',
'wcschr',
'wcspbrk',
'wcsrchr',
'iswdigit',
'_isatty',
'fwprintf',
'_itoa',
'memcmp',
'RtlNtStatusToDosError',
'NtOpenProcessToken',
'NtClose',
'NtOpenThreadToken',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'NtQueryInformationToken',
'RtlCaptureContext',
'ShellExecuteExW',
'SHGetFolderPathW',
'CommandLineToArgvW',
'SetupFindNextLine',
'pSetupSetGlobalFlags',
'pSetupGetGlobalFlags',
'SetupInstallServicesFromInfSectionW',
'SetupInstallFromInfSectionW',
'SetupGetTargetPathW',
'SetupDiSetSelectedDevice',
'SetupDiSetClassInstallParamsW',
'SetupDiGetDriverInfoDetailW',
'SetupOpenFileQueue',
'SetupDiGetSelectedDriverW',
'SetupDiCallClassInstaller',
'SetupDiBuildDriverInfoList',
'SetupDiSetDeviceInstallParamsW',
'SetupDiGetDeviceInstallParamsW',
'CM_Get_DevNode_Status',
'SetupDiOpenDevRegKey',
'SetupDiGetClassDevsW',
'SetupFindNextMatchLineW',
'SetupDiSetDeviceRegistryPropertyW',
'SetupDiCreateDeviceInfoList',
'SetupDiClassNameFromGuidW',
'SetupDiOpenDeviceInfoW',
'SetupDiGetDeviceInstanceIdW',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiEnumDeviceInfo',
'SetupDiGetActualSectionToInstallW',
'SetupTermDefaultQueueCallback',
'SetupDefaultQueueCallbackW',
'SetupCommitFileQueueW',
'SetupInitDefaultQueueCallbackEx',
'CMP_WaitNoPendingInstallEvents',
'SetupDiOpenClassRegKey',
'SetupGetStringFieldW',
'SetupGetLineCountW',
'SetupOpenAppendInfFileW',
'SetupFindFirstLineW',
'SetupGetIntField',
'SetupGetFieldCount',
'SetupOpenInfFileW',
'SetupCloseInfFile',
'SetupDiDestroyDeviceInfoList',
'SetupInstallFilesFromInfSectionW',
'SetupPromptReboot',
'CM_Get_Device_ID_ListW',
'CM_Get_Device_ID_List_SizeW',
'CM_Locate_DevNodeW',
'CM_Query_And_Remove_SubTreeW',
'CM_Setup_DevNode',
'CM_Get_Device_IDW',
'CM_Enumerate_Classes',
'SetupCopyOEMInfW',
'SetupQueueCopyW',
'SetupCloseFileQueue',
'CryptCATAdminCalcHashFromFileHandle',
'WinVerifyTrust',
'StringFromCLSID',
'CoTaskMemFree',
'CoCreateInstance',
'CoUninitialize',
'CoInitialize',
'VariantChangeType',
'VariantInit',
'VariantClear',
'SysAllocString',
'SysFreeString',
'ImageList_SetBkColor',
'PropertySheetW',
'ImageList_Create',
'CreatePropertySheetPageW',
'ImageList_ReplaceIcon',
'PrintDlgExW',
'GetSaveFileNameW',
'CertFreeCTLContext',
'CertGetCTLContextProperty',
'CryptQueryObject',
'CertFreeCertificateContext',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 353,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 356820,
'StackReserveSize': 524288,
'filename': './data/malware/68d003ae15085663b50f6fccd4df7cad70798bcc61b5f30ef670c2fbbb4084dc'},
'69422bbcff151cbc45d6f45a203c12a0042eb281f72b4a059cd2ebdae291227b': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 314028,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 314368,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/69422bbcff151cbc45d6f45a203c12a0042eb281f72b4a059cd2ebdae291227b'},
'694d2a24f641ab5379049d579f8d382904bc400c7915e44aa8c0cb95b0957d1c': {'AddressOfEntryPoint': 8310,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 5368709120,
'ImageVersion': 1,
'ImportedDLL': {'KERNEL32.dll': 'OpenEventW'},
'ImportedFunctions': ['GetCommandLineW',
'Thread32First',
'OpenMutexA',
'Thread32Next',
'OpenEventA',
'ExitVDM',
'VirtualAlloc',
'Process32NextW',
'SleepEx',
'OpenEventW'],
'LinkerVersion': 4,
'NumberOfImportDLL': 1,
'NumberOfImportFunctions': 10,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 0,
'SectionNames': {'.bss\x00\x00\x00\x00': 28160,
'.data\x00\x00\x00': 60416,
'.idata\x00\x00': 20992,
'.reloc\x00\x00': 512,
'.text\x00\x00\x00': 7680},
'StackReserveSize': 1048576,
'filename': './data/malware/694d2a24f641ab5379049d579f8d382904bc400c7915e44aa8c0cb95b0957d1c'},
'69bfb20f7c1756426db121ae0f57f6e421f434b79eb13e4b81fbaeaa7a713053': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 284684,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 285184,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/69bfb20f7c1756426db121ae0f57f6e421f434b79eb13e4b81fbaeaa7a713053'},
'69c21aa33067e98e331dfef3e7b36d338abb09e3395c177850a68ee4401b939d': {'AddressOfEntryPoint': 62976,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 122880,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'OpenThreadToken',
'KERNEL32.dll': 'GetStringTypeW',
'Secur32.dll': 'LsaEnumerateLogonSessions',
'WS2_32.dll': 'htonl'},
'ImportedFunctions': ['AdjustTokenPrivileges',
'LookupPrivilegeValueA',
'OpenProcessToken',
'GetTokenInformation',
'NotifyChangeEventLog',
'OpenEventLogA',
'GetNumberOfEventLogRecords',
'GetOldestEventLogRecord',
'ReadEventLogA',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptHashData',
'CryptReleaseContext',
'CryptCreateHash',
'CryptAcquireContextA',
'CloseServiceHandle',
'QueryServiceStatus',
'CreateServiceA',
'OpenSCManagerA',
'DeleteService',
'OpenServiceA',
'StartServiceA',
'ControlService',
'SetServiceStatus',
'RegisterServiceCtrlHandlerA',
'StartServiceCtrlDispatcherA',
'RegCloseKey',
'RegSetValueExA',
'RegOpenKeyExA',
'RegDeleteValueA',
'RegQueryValueExA',
'OpenThreadToken',
'LsaFreeReturnBuffer',
'LsaGetLogonSessionData',
'LsaEnumerateLogonSessions',
'ntohl',
'ntohs',
'htonl',
'CreateFileW',
'GetProcessHeap',
'SetEndOfFile',
'WriteConsoleW',
'SetEnvironmentVariableA',
'CompareStringW',
'DeleteFileA',
'GetModuleHandleA',
'OpenProcess',
'Sleep',
'SetConsoleCtrlHandler',
'GetCurrentDirectoryA',
'GetTempPathA',
'GetVersionExA',
'ProcessIdToSessionId',
'GetCurrentProcessId',
'GetModuleFileNameA',
'Process32Next',
'CloseHandle',
'Process32First',
'CreateToolhelp32Snapshot',
'ReadProcessMemory',
'WaitForSingleObject',
'CreateRemoteThread',
'VirtualFreeEx',
'WriteProcessMemory',
'VirtualAllocEx',
'GetProcAddress',
'LoadLibraryA',
'GetCurrentProcess',
'TerminateProcess',
'MultiByteToWideChar',
'UnmapViewOfFile',
'MapViewOfFile',
'CreateFileMappingA',
'CreateFileA',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceA',
'FreeResource',
'ResetEvent',
'GetLastError',
'CreateEventA',
'ReadFile',
'FreeLibrary',
'GetSystemWindowsDirectoryA',
'SetEvent',
'CreateThread',
'WaitNamedPipeA',
'WriteFile',
'DisconnectNamedPipe',
'FlushFileBuffers',
'ConnectNamedPipe',
'CreateNamedPipeA',
'WideCharToMultiByte',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'GetCurrentThread',
'GetModuleHandleW',
'ExitProcess',
'DecodePointer',
'HeapFree',
'HeapAlloc',
'EncodePointer',
'EnterCriticalSection',
'LeaveCriticalSection',
'HeapReAlloc',
'GetCommandLineA',
'RtlUnwindEx',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetHandleCount',
'GetStdHandle',
'InitializeCriticalSectionAndSpinCount',
'GetFileType',
'GetStartupInfoW',
'DeleteCriticalSection',
'LoadLibraryW',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'FlsAlloc',
'GetModuleFileNameW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'HeapSize',
'GetConsoleCP',
'GetConsoleMode',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetTickCount',
'GetSystemTimeAsFileTime',
'SetFilePointer',
'SetStdHandle',
'LCMapStringW',
'GetStringTypeW'],
'LinkerVersion': 10,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 148,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 55408,
'SectionNames': {'.data\x00\x00\x00': 21504,
'.pdata\x00\x00': 4608,
'.rdata\x00\x00': 16896,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 55808,
'.text\x00\x00\x00': 116224},
'StackReserveSize': 1048576,
'filename': './data/malware/69c21aa33067e98e331dfef3e7b36d338abb09e3395c177850a68ee4401b939d'},
'69e084e17f3256766031cf1de87950f700339ec7e7de02fd8c80e8e13cf1ce06': {'AddressOfEntryPoint': 24542,
'DebugRVA': 7104,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'CloseThreadWaitChainSession',
'COMCTL32.dll': 'ImageList_Create',
'GDI32.dll': 'CreatePen',
'IPHLPAPI.DLL': 'GetAdaptersAddresses',
'KERNEL32.dll': 'GetStartupInfoW',
'SHELL32.dll': 'Shell_NotifyIconW',
'SHLWAPI.dll': 'StrStrW',
'Secur32.dll': 'GetUserNameExW',
'USER32.dll': 'DestroyIcon',
'UxTheme.dll': 'SetWindowTheme',
'credui.dll': 'CredUIPromptForCredentialsW',
'msvcrt.dll': 'towlower',
'ntdll.dll': 'NtClose',
'pcwum.dll': 'PcwCreateQuery',
'wevtapi.dll': 'EvtClose'},
'ImportedFunctions': ['RegCreateKeyExW',
'RegSetValueExW',
'RegCloseKey',
'RegOpenKeyExW',
'RegQueryValueExW',
'EventWrite',
'ImpersonateLoggedOnUser',
'OpenProcessToken',
'DuplicateTokenEx',
'AdjustTokenPrivileges',
'EventRegister',
'EventUnregister',
'RevertToSelf',
'GetTokenInformation',
'CreateWellKnownSid',
'IsValidSid',
'SetTokenInformation',
'EnumServicesStatusExW',
'OpenServiceW',
'QueryServiceConfigW',
'CloseServiceHandle',
'OpenSCManagerW',
'StartServiceW',
'ControlService',
'OpenThreadWaitChainSession',
'GetThreadWaitChain',
'CloseThreadWaitChainSession',
'CallbackMayRunLong',
'OpenProcess',
'TrySubmitThreadpoolCallback',
'IsWow64Process',
'GetPriorityClass',
'GetTimeFormatW',
'GetExitCodeThread',
'GetTempPathW',
'CreateFileW',
'DuplicateHandle',
'GetModuleFileNameW',
'LocalFree',
'GetLogicalProcessorInformationEx',
'GetNumaHighestNodeNumber',
'SetEvent',
'CreateToolhelp32Snapshot',
'Thread32First',
'OpenThread',
'Thread32Next',
'Sleep',
'lstrcmpW',
'GetComputerNameW',
'GetCommandLineW',
'LoadLibraryExA',
'DelayLoadFailureHook',
'ReadProcessMemory',
'lstrcmpiW',
'CompareStringW',
'lstrlenW',
'GetLocaleInfoW',
'GetNumberFormatW',
'GetTickCount',
'HeapSize',
'MulDiv',
'HeapReAlloc',
'FormatMessageW',
'CloseThreadpoolCleanupGroup',
'SetProcessShutdownParameters',
'CreateEventW',
'CreateThreadpoolCleanupGroup',
'GetErrorMode',
'SetErrorMode',
'GetCurrentProcessId',
'ProcessIdToSessionId',
'SetPriorityClass',
'DeviceIoControl',
'SetLastError',
'LockResource',
'LoadResource',
'FindResourceExW',
'HeapSetInformation',
'CreateMutexW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetVersionExW',
'WaitForSingleObject',
'CreateProcessW',
'ExpandEnvironmentStringsW',
'CreateThread',
'CloseHandle',
'ReleaseMutex',
'CloseThreadpoolCleanupGroupMembers',
'GetCurrentDirectoryW',
'GetCurrentProcess',
'TerminateProcess',
'GetCurrentThreadId',
'HeapFree',
'GetProcessHeap',
'HeapAlloc',
'GetLastError',
'QueryFullProcessImageNameW',
'UnhandledExceptionFilter',
'GetSystemTimeAsFileTime',
'QueryPerformanceCounter',
'GetModuleHandleW',
'SetUnhandledExceptionFilter',
'GetStartupInfoW',
'SetBkMode',
'GetCurrentObject',
'GetObjectW',
'CreateFontIndirectW',
'GetCharWidth32W',
'CreateCompatibleBitmap',
'SetBkColor',
'DeleteDC',
'CreateCompatibleDC',
'SetTextColor',
'GetDeviceCaps',
'Rectangle',
'BitBlt',
'LineTo',
'MoveToEx',
'SelectObject',
'DeleteObject',
'GetStockObject',
'CreatePen',
'SendMessageTimeoutW',
'SetProcessDPIAware',
'RegisterWindowMessageW',
'MessageBoxW',
'CreateDialogParamW',
'ChangeWindowMessageFilterEx',
'GetMessageW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'TranslateMessage',
'DispatchMessageW',
'LoadMenuW',
'RemoveMenu',
'DestroyMenu',
'CreateWindowExW',
'DrawTextW',
'InvalidateRect',
'UpdateWindow',
'GetWindowLongPtrW',
'GetSysColor',
'GetDlgCtrlID',
'EnableMenuItem',
'AppendMenuW',
'DialogBoxParamW',
'SetScrollInfo',
'GetScrollInfo',
'SetScrollPos',
'EndDialog',
'GetSystemMetrics',
'GetGuiResources',
'EnableWindow',
'TrackPopupMenuEx',
'GetWindowTextW',
'SetDlgItemTextW',
'IsHungAppWindow',
'SetThreadDesktop',
'IsWindowVisible',
'EndTask',
'AllowSetForegroundWindow',
'EnumDesktopsW',
'GetProcessWindowStation',
'OpenDesktopW',
'EnumDesktopWindows',
'CloseDesktop',
'GetWindow',
'InternalGetWindowText',
'ShowWindowAsync',
'SetMenuDefaultItem',
'GetLastActivePopup',
'IsWindow',
'SwitchToThisWindow',
'TileWindows',
'GetDesktopWindow',
'CascadeWindows',
'PeekMessageW',
'GetCursorPos',
'CheckDlgButton',
'IsDlgButtonChecked',
'GetWindowTextLengthW',
'SetCursor',
'LoadCursorW',
'SetRect',
'MsgWaitForMultipleObjects',
'FindWindowW',
'SetFocus',
'GetNextDlgTabItem',
'GetClassNameW',
'GetFocus',
'GetParent',
'GetMonitorInfoW',
'MonitorFromPoint',
'LoadAcceleratorsW',
'PostQuitMessage',
'MessageBeep',
'RedrawWindow',
'MoveWindow',
'GetClassLongPtrW',
'GetWindowThreadProcessId',
'DefWindowProcW',
'GetMenuItemID',
'GetSubMenu',
'IsZoomed',
'IsIconic',
'SetForegroundWindow',
'OpenIcon',
'KillTimer',
'DestroyWindow',
'PostMessageW',
'LoadImageW',
'EndDeferWindowPos',
'DeferWindowPos',
'BeginDeferWindowPos',
'ShowWindow',
'GetShellWindow',
'SetWindowLongPtrW',
'GetMenuItemInfoW',
'SetTimer',
'LoadIconW',
'GetThreadDesktop',
'GetDialogBaseUnits',
'GetWindowRect',
'PostThreadMessageW',
'GetForegroundWindow',
'SendMessageW',
'MapWindowPoints',
'GetDlgItem',
'SetMenu',
'SetWindowPos',
'DeleteMenu',
'CheckMenuItem',
'CheckMenuRadioItem',
'GetMenu',
'SetWindowTextW',
'LoadStringW',
'RegisterClassW',
'GetClassInfoW',
'ReleaseDC',
'GetDC',
'SystemParametersInfoW',
'GetKeyState',
'CallWindowProcW',
'GetSysColorBrush',
'FillRect',
'GetClientRect',
'GhostWindowFromHungWindow',
'HungWindowFromGhostWindow',
'SetWindowLongW',
'GetWindowLongW',
'DestroyIcon',
'?terminate@@YAXXZ',
'__set_app_type',
'_fmode',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_initterm',
'_wcmdln',
'exit',
'_cexit',
'_XcptFilter',
'__C_specific_handler',
'__wgetmainargs',
'_wtol',
'??3@YAXPEAX@Z',
'swscanf_s',
'memmove',
'_ui64tow_s',
'wcsstr',
'_i64tow_s',
'_wcsicmp',
'wcsrchr',
'_vsnwprintf',
'_wcsdup',
'??2@YAPEAX_K@Z',
'memset',
'_exit',
'memcpy',
'free',
'towlower',
'GetIfEntry2',
'NhGetInterfaceNameFromDeviceGuid',
'GetAdaptersAddresses',
'CreateStatusWindowW',
'ImageList_Remove',
'ImageList_ReplaceIcon',
'ImageList_SetIconSize',
'ImageList_Create',
'PcwCollectData',
'PcwAddQueryItem',
'PcwCreateQuery',
'StrFormatByteSizeW',
'PathAddExtensionW',
'PathRemoveExtensionW',
'PathAppendW',
'StrStrW',
'ShellAboutW',
'ShellExecuteExW',
'SHParseDisplayName',
'SHOpenFolderAndSelectItems',
'CommandLineToArgvW',
'DuplicateIcon',
'Shell_NotifyIconW',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'RtlTryEnterCriticalSection',
'NtSetInformationFile',
'NtSetInformationProcess',
'NtOpenProcessToken',
'NtOpenThreadToken',
'NtOpenFile',
'RtlTimeToElapsedTimeFields',
'RtlLeaveCriticalSection',
'RtlEnterCriticalSection',
'NtQueryInformationProcess',
'NtQueryTimerResolution',
'RtlInitUnicodeString',
'RtlNtStatusToDosError',
'RtlDeleteCriticalSection',
'RtlInitializeCriticalSection',
'NtQuerySystemInformation',
'WinSqmAddToStream',
'NtQueryInformationToken',
'NtClose',
'GetUserNameExW',
'IsThemeActive',
'SetWindowTheme',
'EvtSubscribe',
'EvtClose',
'CredUIPromptForCredentialsW'],
'LinkerVersion': 9,
'NumberOfImportDLL': 15,
'NumberOfImportFunctions': 334,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 91600,
'SectionNames': {'.data\x00\x00\x00': 2560,
'.pdata\x00\x00': 3584,
'.reloc\x00\x00': 1536,
'.rsrc\x00\x00\x00': 91648,
'.text\x00\x00\x00': 156160},
'StackReserveSize': 524288,
'filename': './data/malware/69e084e17f3256766031cf1de87950f700339ec7e7de02fd8c80e8e13cf1ce06'},
'69e6ac5e7a648b547e0513821aefdff286918fec9a17bdc604c798dd38dc1863': {'AddressOfEntryPoint': 884844,
'DebugRVA': 346340,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 856064,
'ExportSize': 16727,
'IATRVA': 348160,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 17,
'OSVersion': 6,
'ResSize': 75612,
'SectionNames': {'.data\x00\x00\x00': 6656,
'.edata\x00\x00': 16896,
'.guids\x00\x00': 512,
'.pdata\x00\x00': 39424,
'.rdata\x00\x00': 53760,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 75776,
'.text\x00\x00\x00': 342528,
'INIT\x00\x00\x00\x00': 23040,
'PAGE\x00\x00\x00\x00': 83968,
'PAGEDATA': 5632,
'PAGENDCO': 20992,
'PAGENDSE': 7680,
'PAGENDSM': 92160,
'PAGENDSP': 33280,
'PAGENDST': 7168,
'PAGENPNP': 128512},
'StackReserveSize': 262144,
'filename': './data/malware/69e6ac5e7a648b547e0513821aefdff286918fec9a17bdc604c798dd38dc1863'},
'6a059810c40bf6534540ceb5305fdc08213541da786085c1a637d5fbfa5ef9b2': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 292964,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 293376,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/6a059810c40bf6534540ceb5305fdc08213541da786085c1a637d5fbfa5ef9b2'},
'6a3cd9c3d2b5a1d61652085c1a3b172fba70413bd2297ff3f503ac05fd953f3c': {'AddressOfEntryPoint': 212768,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 323584,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCreateKeyExA',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GetSystemInfo',
'OLEAUT32.dll': 'VariantCopy',
'SETUPAPI.dll': 'CM_Get_DevNode_Status_Ex',
'SHELL32.dll': 'ShellExecuteA',
'SHLWAPI.dll': 'PathIsUNCA',
'USER32.dll': 'ValidateRect',
'VERSION.dll': 'VerQueryValueA',
'WINSPOOL.DRV': 'OpenPrinterA',
'comdlg32.dll': 'GetFileTitleA',
'newdev.dll': 'UpdateDriverForPlugAndPlayDevicesA',
'ole32.dll': 'CoRevokeClassObject'},
'ImportedFunctions': ['SetupDiRemoveDevice',
'SetupOpenInfFileA',
'SetupFindFirstLineA',
'SetupGetStringFieldA',
'SetupCloseInfFile',
'SetupCopyOEMInfA',
'SetupDiGetClassDevsA',
'SetupDiGetDeviceInstanceIdA',
'SetupDiDestroyDeviceInfoList',
'SetupDiGetDeviceRegistryPropertyA',
'SetupDiEnumDeviceInfo',
'SetupDiSetClassInstallParamsA',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsA',
'SetupDiGetDeviceInfoListDetailA',
'CM_Get_DevNode_Status_Ex',
'UpdateDriverForPlugAndPlayDevicesA',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA',
'GlobalFlags',
'ReadFile',
'SetFilePointer',
'FlushFileBuffers',
'LockFile',
'UnlockFile',
'SetEndOfFile',
'GetFileSize',
'GetThreadLocale',
'DuplicateHandle',
'GetVolumeInformationA',
'GetFullPathNameA',
'GetCPInfo',
'GetOEMCP',
'FileTimeToSystemTime',
'SetErrorMode',
'FileTimeToLocalFileTime',
'GetFileAttributesA',
'GetFileTime',
'GetTickCount',
'HeapAlloc',
'HeapFree',
'HeapReAlloc',
'VirtualProtect',
'VirtualAlloc',
'VirtualQuery',
'RtlLookupFunctionEntry',
'RtlUnwindEx',
'ExitProcess',
'GetProcessHeap',
'GetStartupInfoA',
'RaiseException',
'RtlPcToFileHeader',
'HeapSize',
'GetStdHandle',
'HeapSetInformation',
'HeapCreate',
'TerminateProcess',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'RtlVirtualUnwind',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'FlsAlloc',
'GetACP',
'SetHandleCount',
'GetFileType',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'GetStringTypeA',
'GetStringTypeW',
'GetTimeZoneInformation',
'LCMapStringA',
'LCMapStringW',
'GetConsoleCP',
'GetConsoleMode',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'SetEnvironmentVariableA',
'WritePrivateProfileStringA',
'TlsFree',
'DeleteCriticalSection',
'LocalReAlloc',
'TlsSetValue',
'GlobalHandle',
'GlobalReAlloc',
'TlsAlloc',
'InitializeCriticalSection',
'EnterCriticalSection',
'TlsGetValue',
'LeaveCriticalSection',
'GlobalGetAtomNameA',
'GlobalFindAtomA',
'lstrcmpW',
'GetModuleFileNameW',
'FreeResource',
'GetCurrentProcessId',
'GlobalAddAtomA',
'GetCurrentThread',
'GetCurrentThreadId',
'ConvertDefaultLocale',
'EnumResourceLanguagesA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'lstrcmpA',
'GlobalDeleteAtom',
'GetModuleHandleA',
'GlobalLock',
'GlobalUnlock',
'FormatMessageA',
'MulDiv',
'SetLastError',
'CreateThread',
'lstrcpyA',
'SetFileAttributesA',
'DeleteFileA',
'FindFirstFileA',
'FindClose',
'FindNextFileA',
'GlobalAlloc',
'GlobalFree',
'GetCommandLineA',
'GetCurrentProcess',
'Sleep',
'CreateFileA',
'WriteFile',
'CloseHandle',
'GetWindowsDirectoryA',
'lstrcatA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'LocalFree',
'LocalAlloc',
'GetVersionExA',
'FindResourceA',
'LoadResource',
'LockResource',
'SizeofResource',
'lstrlenA',
'CompareStringW',
'CompareStringA',
'GetVersion',
'GetLastError',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetSystemInfo',
'IsRectEmpty',
'SetRect',
'InvalidateRect',
'InvalidateRgn',
'GetNextDlgGroupItem',
'MessageBeep',
'UnregisterClassA',
'DestroyMenu',
'RegisterClipboardFormatA',
'PostThreadMessageA',
'GetWindowDC',
'ClientToScreen',
'GrayStringA',
'DrawTextExA',
'DrawTextA',
'TabbedTextOutA',
'ShowWindow',
'MoveWindow',
'SetWindowTextA',
'IsDialogMessageA',
'RegisterWindowMessageA',
'SendDlgItemMessageA',
'WinHelpA',
'IsChild',
'GetCapture',
'GetClassLongA',
'GetClassNameA',
'GetClassLongPtrA',
'SetPropA',
'GetPropA',
'RemovePropA',
'SetFocus',
'GetWindowTextA',
'GetForegroundWindow',
'GetTopWindow',
'GetWindowLongPtrA',
'SetWindowLongPtrA',
'GetMessageTime',
'GetMessagePos',
'CopyAcceleratorTableA',
'SetForegroundWindow',
'UpdateWindow',
'GetMenu',
'CreateWindowExA',
'GetClassInfoExA',
'GetClassInfoA',
'RegisterClassA',
'GetSysColor',
'AdjustWindowRectEx',
'EqualRect',
'PtInRect',
'GetDlgCtrlID',
'DefWindowProcA',
'CallWindowProcA',
'SetWindowLongA',
'OffsetRect',
'IntersectRect',
'SystemParametersInfoA',
'GetWindowPlacement',
'GetWindowRect',
'UnhookWindowsHookEx',
'GetWindow',
'SetWindowContextHelpId',
'MapDialogRect',
'SetWindowPos',
'ReleaseDC',
'GetDC',
'CopyRect',
'GetDesktopWindow',
'SetActiveWindow',
'CreateDialogIndirectParamA',
'DestroyWindow',
'IsWindow',
'GetDlgItem',
'GetNextDlgTabItem',
'CharUpperA',
'DrawIcon',
'SendMessageA',
'EndDialog',
'GetWindowThreadProcessId',
'GetWindowLongA',
'GetLastActivePopup',
'IsWindowEnabled',
'SetWindowsHookExA',
'CallNextHookEx',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetActiveWindow',
'IsWindowVisible',
'GetKeyState',
'PeekMessageA',
'GetCursorPos',
'CharNextA',
'ReleaseCapture',
'SetCapture',
'GetSysColorBrush',
'EndPaint',
'MapWindowPoints',
'BeginPaint',
'IsIconic',
'GetClientRect',
'LoadIconA',
'EnableWindow',
'GetSystemMetrics',
'MessageBoxA',
'SetCursor',
'LoadCursorA',
'ExitWindowsEx',
'GetSubMenu',
'GetMenuItemCount',
'GetMenuItemID',
'GetMenuState',
'PostQuitMessage',
'PostMessageA',
'CheckMenuItem',
'EnableMenuItem',
'ModifyMenuA',
'GetParent',
'GetFocus',
'LoadBitmapA',
'GetMenuCheckMarkDimensions',
'SetMenuItemBitmaps',
'ValidateRect',
'SetMapMode',
'ExtSelectClipRgn',
'DeleteDC',
'GetStockObject',
'GetMapMode',
'GetBkColor',
'GetTextColor',
'GetRgnBox',
'RestoreDC',
'SaveDC',
'GetObjectA',
'SetBkColor',
'SetTextColor',
'GetClipBox',
'CreateRectRgnIndirect',
'CreateBitmap',
'GetDeviceCaps',
'ScaleWindowExtEx',
'SetWindowExtEx',
'ScaleViewportExtEx',
'SetViewportExtEx',
'OffsetViewportOrgEx',
'SetViewportOrgEx',
'SelectObject',
'Escape',
'ExtTextOutA',
'TextOutA',
'RectVisible',
'PtVisible',
'GetWindowExtEx',
'GetViewportExtEx',
'DeleteObject',
'GetFileTitleA',
'ClosePrinter',
'DocumentPropertiesA',
'OpenPrinterA',
'RegQueryValueA',
'RegEnumKeyA',
'RegOpenKeyExA',
'RegDeleteKeyA',
'RegQueryValueExA',
'RegOpenKeyA',
'RegDeleteValueA',
'OpenProcessToken',
'LookupPrivilegeValueA',
'AdjustTokenPrivileges',
'RegCreateKeyA',
'RegSetValueExA',
'RegCloseKey',
'RegCreateKeyExA',
'ShellExecuteA',
'PathFindExtensionA',
'PathFindFileNameA',
'PathStripToRootA',
'SHDeleteKeyA',
'PathIsUNCA',
'CreateILockBytesOnHGlobal',
'StgCreateDocfileOnILockBytes',
'StgOpenStorageOnILockBytes',
'CoGetClassObject',
'CLSIDFromString',
'CLSIDFromProgID',
'CoTaskMemAlloc',
'CoTaskMemFree',
'OleUninitialize',
'CoFreeUnusedLibraries',
'OleInitialize',
'OleFlushClipboard',
'CoRegisterMessageFilter',
'OleIsCurrentClipboard',
'CoRevokeClassObject',
'SysFreeString',
'SysAllocStringLen',
'VariantClear',
'VariantChangeType',
'VariantInit',
'SysStringLen',
'SysAllocStringByteLen',
'OleCreateFontIndirect',
'VariantTimeToSystemTime',
'SystemTimeToVariantTime',
'SafeArrayDestroy',
'SysAllocString',
'VariantCopy'],
'LinkerVersion': 8,
'NumberOfImportDLL': 14,
'NumberOfImportFunctions': 364,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 879304,
'SectionNames': {'.data\x00\x00\x00': 13824,
'.pdata\x00\x00': 24064,
'.rdata\x00\x00': 113664,
'.rsrc\x00\x00\x00': 923136,
'.text\x00\x00\x00': 315904},
'StackReserveSize': 1048576,
'filename': './data/malware/6a3cd9c3d2b5a1d61652085c1a3b172fba70413bd2297ff3f503ac05fd953f3c'},
'6a508ee7fa8102b82ab051446a98a069350e2f480f2e7fb8001386babb968fdd': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3436,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 217600,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/6a508ee7fa8102b82ab051446a98a069350e2f480f2e7fb8001386babb968fdd'},
'6a51f33c24a49eda081c319fe9ddc15b735531a1d847d9b0128e36a357898feb': {'AddressOfEntryPoint': 217088,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/6a51f33c24a49eda081c319fe9ddc15b735531a1d847d9b0128e36a357898feb'},
'6a645668f630f05072da573a2ee6de2c8b56068e24ee117e6c6078d4bf2c76f3': {'AddressOfEntryPoint': 1528126,
'DebugRVA': 251600,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 249856,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'GetCurrentProcess',
'MSVCR80.dll': '_chdir',
'OLEAUT32.dll': 'VariantClear',
'WS2_32.dll': 'getsockname',
'iphlpapi.dll': 'GetAdaptersInfo'},
'ImportedFunctions': ['__initenv',
'_initterm',
'_initterm_e',
'_configthreadlocale',
'__setusermatherr',
'_commode',
'_encode_pointer',
'__set_app_type',
'__lconv_init',
'__crt_debugger_hook',
'?terminate@@YAXXZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'_decode_pointer',
'?_type_info_dtor_internal_method@type_info@@QEAAXXZ',
'_cexit',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_amsg_exit',
'_atoi64',
'_putenv',
'_fullpath',
'bsearch',
'perror',
'getc',
'_finite',
'abort',
'memchr',
'strftime',
'strerror',
'toupper',
'vsprintf',
'_vsnprintf_s',
'_fstat64i32',
'memcmp',
'memmove',
'_purecall',
'rand',
'remove',
'_strdup',
'asctime',
'_vsnprintf',
'??3@YAXPEAX@Z',
'__CxxFrameHandler3',
'??2@YAPEAX_K@Z',
'strtol',
'_beginthreadex',
'_endthreadex',
'strstr',
'_strnicmp',
'_fmode',
'getenv',
'strcat_s',
'sprintf_s',
'strtoul',
'strncpy_s',
'strcpy_s',
'strspn',
'strpbrk',
'_getpid',
'_ftime64',
'_splitpath',
'_errno',
'calloc',
'strncat',
'memcpy',
'realloc',
'_stricmp',
'qsort',
'strrchr',
'fwrite',
'fread',
'memset',
'exit',
'strtok',
'strchr',
'strncmp',
'fgets',
'fseek',
'malloc',
'fopen',
'free',
'fclose',
'strncpy',
'__iob_func',
'fprintf',
'fflush',
'atoi',
'sprintf',
'_time64',
'_ctime64',
'_set_invalid_parameter_handler',
'fputc',
'_localtime64',
'_CxxThrowException',
'_fileno',
'_chdir',
'VariantClear',
'SetThreadAffinityMask',
'GetProcessHeap',
'HeapFree',
'MultiByteToWideChar',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetTickCount',
'QueryPerformanceCounter',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'WideCharToMultiByte',
'InitializeCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'SetHandleInformation',
'DeleteCriticalSection',
'WaitForSingleObject',
'GetExitCodeThread',
'IsDebuggerPresent',
'DuplicateHandle',
'Sleep',
'GetModuleFileNameA',
'GetSystemDirectoryA',
'LoadLibraryA',
'GetProcAddress',
'FreeLibrary',
'GetCurrentProcessId',
'SleepEx',
'GetTimeZoneInformation',
'GetCurrentThread',
'CloseHandle',
'TerminateProcess',
'GetLastError',
'GetSystemInfo',
'GetVersionExA',
'GetComputerNameA',
'GetCurrentProcess',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'gethostname',
'WSAStartup',
'WSAEnumProtocolsA',
'WSASetLastError',
'WSACleanup',
'getservbyport',
'gethostbyaddr',
'getservbyname',
'gethostbyname',
'htons',
'closesocket',
'socket',
'WSASocketA',
'bind',
'send',
'WSASend',
'recv',
'ioctlsocket',
'inet_addr',
'WSAGetLastError',
'htonl',
'inet_ntoa',
'WSADuplicateSocketA',
'select',
'getsockopt',
'getpeername',
'ntohs',
'getsockname',
'GetAdaptersInfo'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 174,
'NumberOfSections': 7,
'OSVersion': 4,
'ResSize': 1184,
'SectionNames': {'.data\x00\x00\x00': 70656,
'.pdata\x00\x00': 10752,
'.rdata\x00\x00': 506368,
'.reloc\x00\x00': 24576,
'.rsrc\x00\x00\x00': 1536,
'.text\x00\x00\x00': 244224,
'.tls\x00\x00\x00\x00': 512},
'StackReserveSize': 33554432,
'filename': './data/malware/6a645668f630f05072da573a2ee6de2c8b56068e24ee117e6c6078d4bf2c76f3'},
'6aa26aa6216320589a41ac14af447ab611d500783017afefbc0bb0206d860bad': {'AddressOfEntryPoint': 217088,
'DebugRVA': 46864,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 127328,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/6aa26aa6216320589a41ac14af447ab611d500783017afefbc0bb0206d860bad'},
'6abb95578c8f3341ea170e2184e56235644889281700a841e61d65fe45b80519': {'AddressOfEntryPoint': 52012,
'DebugRVA': 140480,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 139264,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'SetSecurityInfo',
'KERNEL32.dll': 'EnterCriticalSection',
'USER32.dll': 'DispatchMessageA'},
'ImportedFunctions': ['GetVersionExA',
'GetLastError',
'WaitForMultipleObjects',
'ReleaseMutex',
'ReleaseSemaphore',
'LocalFree',
'WaitForSingleObject',
'LocalAlloc',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryA',
'CreateEventA',
'CreateMutexA',
'CreateSemaphoreA',
'HeapAlloc',
'GetProcessHeap',
'QueryPerformanceCounter',
'GetSystemTimeAsFileTime',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetCurrentProcess',
'UnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'GetCommandLineA',
'RaiseException',
'RtlPcToFileHeader',
'RtlUnwindEx',
'HeapFree',
'ExitThread',
'CreateThread',
'WriteConsoleW',
'GetFileType',
'GetStdHandle',
'LCMapStringA',
'LCMapStringW',
'GetCPInfo',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'GetModuleHandleW',
'ExitProcess',
'WriteFile',
'FreeEnvironmentStringsA',
'GetEnvironmentStrings',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'SetHandleCount',
'GetStartupInfoA',
'HeapSetInformation',
'HeapCreate',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'GetLocaleInfoA',
'GetStringTypeA',
'GetStringTypeW',
'HeapReAlloc',
'GetUserDefaultLCID',
'EnumSystemLocalesA',
'IsValidLocale',
'InitializeCriticalSectionAndSpinCount',
'GetLocaleInfoW',
'SetFilePointer',
'GetConsoleCP',
'GetConsoleMode',
'FlushFileBuffers',
'SetStdHandle',
'WriteConsoleA',
'GetConsoleOutputCP',
'OpenProcess',
'OpenEventA',
'ResetEvent',
'Sleep',
'CreateFileA',
'CloseHandle',
'SetEvent',
'GetCurrentProcessId',
'GetTickCount',
'GetModuleFileNameA',
'SetUnhandledExceptionFilter',
'GetCurrentThreadId',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'TerminateProcess',
'EnterCriticalSection',
'SetWindowsHookExA',
'UnhookWindowsHookEx',
'MsgWaitForMultipleObjectsEx',
'PeekMessageA',
'TranslateMessage',
'DispatchMessageA',
'RegOpenKeyExA',
'RegCloseKey',
'RegQueryValueExA',
'InitializeAcl',
'SetSecurityInfo'],
'LinkerVersion': 9,
'NumberOfImportDLL': 3,
'NumberOfImportFunctions': 105,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 1840,
'SectionNames': {'.data\x00\x00\x00': 11264,
'.pdata\x00\x00': 9216,
'.rdata\x00\x00': 40960,
'.reloc\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 132096},
'StackReserveSize': 1048576,
'filename': './data/malware/6abb95578c8f3341ea170e2184e56235644889281700a841e61d65fe45b80519'},
'6ac80a063b8606daf2e4975983b142e44ce7e9861815a11ad3b2c7cb853d73d3': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 153688,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 154112,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/6ac80a063b8606daf2e4975983b142e44ce7e9861815a11ad3b2c7cb853d73d3'},
'6ad07f6615e9de8713b14fb4e12c95960fa24731a94a6e1e540e4f354e842b25': {'AddressOfEntryPoint': 180536,
'DebugRVA': 756104,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 757760,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'OpenThreadToken',
'GDI32.dll': 'ExtTextOutW',
'KERNEL32.dll': 'CloseHandle',
'OLEAUT32.dll': 'SysFreeString',
'POWRPROF.dll': 'GetPwrCapabilities',
'PROPSYS.dll': 'PropVariantToStringAlloc',
'RPCRT4.dll': 'RpcBindingFromStringBindingW',
'SHELL32.dll': 'SHCreateItemFromParsingName',
'SHLWAPI.dll': 'PathFindExtensionW',
'Secur32.dll': 'GetUserNameExW',
'USER32.dll': 'GetClassNameW',
'UxTheme.dll': 'IsThemeActive',
'dwmapi.dll': 'DwmUnregisterThumbnail',
'gdiplus.dll': 'GdipSetCompositingMode',
'msvcrt.dll': 'sin',
'ntdll.dll': 'NtQueryInformationProcess',
'ole32.dll': 'CoCreateFreeThreadedMarshaler',
'slc.dll': 'SLGetWindowsInformationDWORD'},
'ImportedFunctions': ['RegCreateKeyW',
'RegCloseKey',
'RegOpenKeyExW',
'RegGetValueW',
'EventWrite',
'EventEnabled',
'GetTraceLoggerHandle',
'GetTraceEnableLevel',
'GetTraceEnableFlags',
'RegisterTraceGuidsW',
'UnregisterTraceGuids',
'RegQueryValueExW',
'GetLengthSid',
'GetTokenInformation',
'OpenProcessToken',
'RegCreateKeyExW',
'RegSetValueExW',
'EventRegister',
'EventUnregister',
'TraceMessage',
'RegOpenKeyW',
'RegDeleteValueW',
'RegQueryInfoKeyW',
'RegEnumValueW',
'LsaOpenPolicy',
'GetSidSubAuthorityCount',
'LsaClose',
'IsValidSid',
'LsaFreeMemory',
'StartTraceW',
'EnableTraceEx',
'StopTraceW',
'CryptAcquireContextW',
'CryptCreateHash',
'CryptHashData',
'CryptGetHashParam',
'CryptDestroyHash',
'CryptReleaseContext',
'StartServiceW',
'CreateWellKnownSid',
'RegEnumKeyExW',
'GetSidSubAuthority',
'LsaLookupSids',
'ConvertSidToStringSidW',
'ConvertStringSecurityDescriptorToSecurityDescriptorW',
'CheckTokenMembership',
'QueryServiceStatus',
'OpenSCManagerW',
'OpenServiceW',
'CloseServiceHandle',
'ConvertStringSidToSidW',
'OpenThreadToken',
'DelayLoadFailureHook',
'LoadLibraryExA',
'ReadFile',
'GetFileSize',
'CreateFileW',
'FlushInstructionCache',
'RaiseException',
'SetLastError',
'OpenThread',
'GetSystemTimeAsFileTime',
'GetLocaleInfoW',
'GetDateFormatW',
'GetTimeFormatW',
'GetLocalTime',
'MultiByteToWideChar',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetModuleHandleW',
'OpenEventW',
'InterlockedPopEntrySList',
'FindClose',
'FindNextFileW',
'GetLongPathNameW',
'SetProcessShutdownParameters',
'GetStartupInfoW',
'ReleaseMutex',
'CreateMutexW',
'InitializeCriticalSection',
'DeleteCriticalSection',
'VirtualAlloc',
'InterlockedPushEntrySList',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'TerminateProcess',
'UnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'VirtualFree',
'lstrcmpiW',
'CompareStringOrdinal',
'FindFirstFileW',
'SetErrorMode',
'CreateEventW',
'GetSystemDirectoryW',
'GetVersionExW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetUserDefaultUILanguage',
'WaitForSingleObject',
'SetTermsrvAppInstallMode',
'GetFileAttributesW',
'RegisterApplicationRestart',
'GlobalGetAtomNameW',
'ExpandEnvironmentStringsW',
'SystemTimeToFileTime',
'GetSystemTime',
'MulDiv',
'GetTickCount64',
'GetThreadPriority',
'LeaveCriticalSection',
'EnterCriticalSection',
'SetEvent',
'GetCurrentThread',
'SetThreadPriority',
'GetTickCount',
'GetUserDefaultLangID',
'ExitProcess',
'HeapDestroy',
'UnmapViewOfFile',
'MapViewOfFile',
'SearchPathW',
'GetDynamicTimeZoneInformation',
'GetTimeZoneInformation',
'GetBinaryTypeW',
'QueryPerformanceFrequency',
'QueueUserWorkItem',
'LoadLibraryExW',
'GetProductInfo',
'TerminateThread',
'CreateIoCompletionPort',
'GetQueuedCompletionStatus',
'LoadLibraryA',
'DeleteFileW',
'GetProcessId',
'GetModuleHandleA',
'GetWindowsDirectoryW',
'CompareStringW',
'lstrcmpA',
'CompareFileTime',
'QueryFullProcessImageNameW',
'CreateFileMappingW',
'ResetEvent',
'WideCharToMultiByte',
'GlobalFree',
'DuplicateHandle',
'GetCurrentDirectoryW',
'WaitForMultipleObjects',
'GetComputerNameW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrlenA',
'DeactivateActCtx',
'ActivateActCtx',
'ReleaseActCtx',
'CreateActCtxW',
'LockResource',
'LoadResource',
'FindResourceExW',
'HeapAlloc',
'HeapFree',
'GetProcessHeap',
'GetCurrentProcess',
'GetCommandLineW',
'GetPrivateProfileStringW',
'GetModuleFileNameW',
'CreateProcessW',
'lstrlenW',
'OpenProcess',
'LocalFree',
'LocalAlloc',
'QueryInformationJobObject',
'Sleep',
'CreateThread',
'SetPriorityClass',
'GetPriorityClass',
'ResumeThread',
'AssignProcessToJobObject',
'SetInformationJobObject',
'GetLastError',
'CreateJobObjectW',
'CloseHandle',
'LPtoDP',
'GetRgnBox',
'OffsetViewportOrgEx',
'GetStockObject',
'GdiFlush',
'CombineRgn',
'OffsetRgn',
'SetLayout',
'SetWindowOrgEx',
'StretchBlt',
'GetTextExtentPoint32W',
'CreatePen',
'Polyline',
'GetRegionData',
'GetTextColor',
'GetLayout',
'GetTextMetricsW',
'ExtCreateRegion',
'SetDIBits',
'SelectClipRgn',
'SetViewportOrgEx',
'GetViewportOrgEx',
'IntersectClipRect',
'GetClipRgn',
'CreateRectRgn',
'GetBkColor',
'PatBlt',
'CreateBitmap',
'SetBkMode',
'SetTextColor',
'SetBkColor',
'OffsetWindowOrgEx',
'CreateCompatibleBitmap',
'GetTextExtentPointW',
'GetClipBox',
'GetObjectW',
'GdiAlphaBlend',
'BitBlt',
'GetDeviceCaps',
'CreateFontIndirectW',
'CreateRectRgnIndirect',
'CreateCompatibleDC',
'CreateDIBSection',
'SelectObject',
'DeleteObject',
'DeleteDC',
'ExtTextOutW',
'CopyRect',
'SetRect',
'CreateWindowExW',
'DialogBoxParamW',
'GetClassInfoW',
'GetClassInfoExW',
'GetMenuItemInfoW',
'GetMenuItemCount',
'DefWindowProcW',
'ActivateKeyboardLayout',
'GetCursorPos',
'InsertMenuW',
'GetMenuStringW',
'SetMenuItemInfoW',
'InsertMenuItemW',
'IsChild',
'IsWinEventHookInstalled',
'IsProcessDPIAware',
'IsRectEmpty',
'UnionRect',
'GetClassLongW',
'SetClassLongW',
'GetGUIThreadInfo',
'GetDlgCtrlID',
'GetNextDlgGroupItem',
'GetNextDlgTabItem',
'MoveWindow',
'ChildWindowFromPointEx',
'GetWindowDC',
'CharUpperW',
'UnregisterClassW',
'FrameRect',
'WindowFromDC',
'SendMessageCallbackW',
'UpdateLayeredWindow',
'GetUserObjectInformationW',
'GetProcessWindowStation',
'GetThreadDesktop',
'ShowWindowAsync',
'BringWindowToTop',
'GetClassLongPtrW',
'GetIconInfo',
'RegisterShellHookWindow',
'DeregisterShellHookWindow',
'FlashWindowEx',
'SetThreadDesktop',
'EndTask',
'OpenInputDesktop',
'CloseDesktop',
'GetMenuState',
'IsZoomed',
'SetScrollInfo',
'GetScrollInfo',
'SetScrollPos',
'InternalGetWindowText',
'GetWindowInfo',
'GetCaretBlinkTime',
'SetLayeredWindowAttributes',
'GetLayeredWindowAttributes',
'GetUpdateRect',
'SetWindowsHookExW',
'UnhookWindowsHookEx',
'CallNextHookEx',
'SetFocus',
'GetAncestor',
'ReleaseCapture',
'GetDoubleClickTime',
'RegisterWindowMessageW',
'SetWindowTextW',
'SetWindowPlacement',
'SetRectEmpty',
'EnumDisplayMonitors',
'InflateRect',
'EqualRect',
'UpdateWindow',
'GetMonitorInfoW',
'MonitorFromPoint',
'MonitorFromRect',
'CharPrevW',
'GetMessageW',
'TranslateMessage',
'DispatchMessageW',
'CreatePopupMenu',
'GetMenuDefaultItem',
'SendNotifyMessageW',
'LockSetForegroundWindow',
'ChangeWindowMessageFilterEx',
'IntersectRect',
'MonitorFromWindow',
'IsWindowVisible',
'GetForegroundWindow',
'EnumWindows',
'GetParent',
'IsWindow',
'TranslateAcceleratorW',
'WaitMessage',
'GetWindowTextW',
'GetClientRect',
'TrackPopupMenuEx',
'SetActiveWindow',
'GetKeyState',
'GhostWindowFromHungWindow',
'RegisterClassW',
'LoadCursorW',
'SubtractRect',
'RedrawWindow',
'BeginDeferWindowPos',
'DeferWindowPos',
'EndDeferWindowPos',
'InvalidateRect',
'OffsetRect',
'SendMessageTimeoutW',
'SetWindowRgn',
'UpdateLayeredWindowIndirect',
'GetWindowRgnBox',
'LoadImageW',
'GetWindowPlacement',
'SetForegroundWindow',
'GetLastInputInfo',
'RemovePropW',
'GetLastActivePopup',
'SwitchToThisWindow',
'MessageBeep',
'GetActiveWindow',
'GetFocus',
'SetCursor',
'UnregisterHotKey',
'RegisterHotKey',
'SendDlgItemMessageW',
'EndDialog',
'GetDesktopWindow',
'GetAsyncKeyState',
'ChildWindowFromPoint',
'SetCursorPos',
'GetMessagePos',
'BeginPaint',
'FillRect',
'DrawEdge',
'EndPaint',
'GetSystemMenu',
'EnableMenuItem',
'ExitWindowsEx',
'LoadIconW',
'DestroyIcon',
'IsIconic',
'DeleteMenu',
'CheckMenuItem',
'ModifyMenuW',
'WindowFromPoint',
'ClientToScreen',
'TrackPopupMenu',
'IsHungAppWindow',
'GetWindowThreadProcessId',
'AppendMenuW',
'CascadeWindows',
'TileWindows',
'LockWorkStation',
'ScreenToClient',
'RegisterClipboardFormatW',
'NotifyWinEvent',
'GetSysColor',
'DrawFocusRect',
'AdjustWindowRectEx',
'CopyIcon',
'MsgWaitForMultipleObjects',
'SetWinEventHook',
'RegisterClassExW',
'GetDlgItem',
'EnableWindow',
'GetDlgItemInt',
'SetDlgItemInt',
'IsDlgButtonChecked',
'IsWindowEnabled',
'CheckDlgButton',
'CallWindowProcW',
'SetCapture',
'DrawTextW',
'AdjustWindowRect',
'CalculatePopupWindowPosition',
'GetMessageExtraInfo',
'GetCapture',
'SetGestureConfig',
'DrawIconEx',
'RemoveMenu',
'SetMenuDefaultItem',
'LoadMenuW',
'GetSubMenu',
'AllowSetForegroundWindow',
'LoadAcceleratorsW',
'TrackMouseEvent',
'CharNextW',
'GetWindow',
'GetSysColorBrush',
'GetPropW',
'HungWindowFromGhostWindow',
'SetWindowCompositionAttribute',
'GetWindowLongW',
'MsgWaitForMultipleObjectsEx',
'EnumChildWindows',
'SendMessageW',
'PtInRect',
'GetKeyboardLayout',
'GetWindowRect',
'DestroyMenu',
'SystemParametersInfoW',
'ShowWindow',
'MapWindowPoints',
'SetTimer',
'SetPropW',
'KillTimer',
'SetWindowPos',
'GetWindowLongPtrW',
'PostQuitMessage',
'SetWindowLongPtrW',
'DestroyWindow',
'ShutdownBlockReasonCreate',
'LoadStringW',
'PostMessageW',
'PeekMessageW',
'ReleaseDC',
'GetDC',
'FindWindowW',
'GetSystemMetrics',
'GetShellWindow',
'GetClassNameW',
'_vsnwprintf',
'free',
'wcsstr',
'iswalpha',
'wcschr',
'realloc',
'_wcsicmp',
'cosf',
'_wtoi',
'memcmp',
'sqrt',
'ceil',
'bsearch',
'__wgetmainargs',
'__C_specific_handler',
'_XcptFilter',
'_exit',
'_cexit',
'exit',
'_wcmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'?terminate@@YAXXZ',
'_onexit',
'_lock',
'__dllonexit',
'_unlock',
'__set_app_type',
'memmove',
'memcpy',
'memset',
'_fmode',
'malloc',
'sin',
'WinSqmSetString',
'WinSqmSetDWORD',
'WinSqmAddToStreamEx',
'NtSetSystemInformation',
'WinSqmAddToStream',
'WinSqmEventEnabled',
'WinSqmIsOptedIn',
'NtSetInformationProcess',
'NtQueryInformationToken',
'NtOpenProcessToken',
'NtClose',
'NtOpenThreadToken',
'RtlGetProductInfo',
'EtwEventEnabled',
'EtwEventWrite',
'NtQueryInformationProcess',
'StrStrIW',
'AssocQueryStringW',
'PathQuoteSpacesW',
'SHDeleteKeyW',
'SHRegGetUSValueW',
'PathIsNetworkPathW',
'SHOpenRegStream2W',
'SHRegGetBoolUSValueW',
'SHStrDupW',
'StrChrIW',
'PathFileExistsW',
'PathGetDriveNumberW',
'PathRemoveFileSpecW',
'PathIsDirectoryW',
'SHRegGetValueW',
'ChrCmpIW',
'AssocQueryKeyW',
'PathStripPathW',
'PathIsRootW',
'PathParseIconLocationW',
'StrCmpIW',
'StrCmpW',
'PathIsPrefixW',
'SHCreateStreamOnFileW',
'SHQueryInfoKeyW',
'StrCmpNW',
'StrTrimW',
'PathStripToRootW',
'StrRetToBufW',
'PathCommonPrefixW',
'SHStrDupA',
'PathRemoveExtensionW',
'PathIsFileSpecW',
'AssocCreate',
'StrRetToStrW',
'StrToIntW',
'StrChrW',
'PathCombineW',
'SHCreateThreadRef',
'SHSetThreadRef',
'SHGetValueW',
'PathFindFileNameW',
'PathRemoveArgsW',
'PathRemoveBlanksW',
'StrCmpNIW',
'PathGetArgsW',
'SHSetValueW',
'SHDeleteValueW',
'PathAppendW',
'PathFindExtensionW',
'SHCreateDataObject',
'SHGetLocalizedName',
'Shell_GetCachedImageIndexW',
'SHGetStockIconInfo',
'SHGetPropertyStoreForWindow',
'SHGetSpecialFolderLocation',
'SHCreateItemWithParent',
'SHBindToFolderIDListParent',
'SHBindToFolderIDListParentEx',
'SHChangeNotify',
'SHGetFileInfoW',
'SHParseDisplayName',
'SHGetFolderLocation',
'SHGetSpecialFolderPathW',
'SHBindToObject',
'SHGetKnownFolderIDList',
'ShellExecuteExW',
'SHGetNameFromIDList',
'SHCreateShellItem',
'SHChangeNotifyRegisterThread',
'SHGetPathFromIDListW',
'SHFileOperationW',
'SHGetFolderPathEx',
'SHUpdateRecycleBinIcon',
'SHBindToParent',
'SHGetFolderPathW',
'SHGetPathFromIDListA',
'ShellExecuteW',
'SHEnableServiceObject',
'SHGetIDListFromObject',
'SHCreateItemFromIDList',
'SHAddToRecentDocs',
'Shell_NotifyIconW',
'Shell_NotifyIconGetRect',
'ExtractIconExW',
'SHEvaluateSystemCommandTemplate',
'SHCreateShellItemArrayFromIDLists',
'DragQueryFileW',
'SHGetKnownFolderPath',
'SHCreateShellItemArrayFromShellItem',
'SHCreateItemFromParsingName',
'CoInitializeEx',
'CLSIDFromString',
'CoGetMalloc',
'CoGetInterfaceAndReleaseStream',
'RevokeDragDrop',
'RegisterDragDrop',
'CoUninitialize',
'CoInitialize',
'CoMarshalInterThreadInterfaceInStream',
'CoFreeUnusedLibraries',
'CoRegisterMessageFilter',
'StringFromGUID2',
'OleUninitialize',
'OleInitialize',
'CoRevokeClassObject',
'CoRegisterClassObject',
'CoCreateInstance',
'CoTaskMemFree',
'CreateStreamOnHGlobal',
'ReleaseStgMedium',
'PropVariantClear',
'CreateBindCtx',
'CoTaskMemAlloc',
'CoCreateFreeThreadedMarshaler',
'VariantInit',
'VariantClear',
'SysAllocStringByteLen',
'SysAllocStringLen',
'SysAllocString',
'SysFreeString',
'GetThemeBackgroundExtent',
'GetThemeBackgroundRegion',
'GetThemeColor',
'IsThemePartDefined',
'GetThemeRect',
'DrawThemeIcon',
'GetBufferedPaintBits',
'BufferedPaintClear',
'IsAppThemed',
'IsCompositionActive',
'OpenThemeData',
'CloseThemeData',
'SetWindowTheme',
'GetThemeMetric',
'DrawThemeBackground',
'GetThemeTextExtent',
'DrawThemeText',
'GetThemeBool',
'DrawThemeParentBackground',
'GetWindowTheme',
'GetThemeBackgroundContentRect',
'GetThemePartSize',
'BeginBufferedPaint',
'DrawThemeTextEx',
'EndBufferedPaint',
'GetThemeMargins',
'BufferedPaintInit',
'BufferedPaintUnInit',
'IsThemeActive',
'CallNtPowerInformation',
'PowerDeterminePlatformRole',
'GetPwrCapabilities',
'DwmEnableBlurBehindWindow',
'DwmSetWindowAttribute',
'DwmIsCompositionEnabled',
'DwmQueryThumbnailSourceSize',
'DwmUpdateThumbnailProperties',
'DwmUnregisterThumbnail',
'SLGetWindowsInformationDWORD',
'GdipSetInterpolationMode',
'GdipDrawImageRectI',
'GdipCloneImage',
'GdipGetImageWidth',
'GdipGetImageHeight',
'GdipCreateBitmapFromHBITMAP',
'GdiplusStartup',
'GdiplusShutdown',
'GdipFree',
'GdipAlloc',
'GdipDisposeImage',
'GdipCreateFromHDC',
'GdipDeleteGraphics',
'GdipSetCompositingMode',
'GetUserNameExW',
'NdrClientCall3',
'I_RpcExceptionFilter',
'RpcStringFreeW',
'RpcBindingFree',
'RpcBindingSetAuthInfoExW',
'RpcStringBindingComposeW',
'RpcBindingFromStringBindingW',
'PSCreateMemoryPropertyStore',
'VariantToStringAlloc',
'VariantToStringWithDefault',
'PropVariantToString',
'VariantToBooleanWithDefault',
'PropVariantToInt64',
'VariantToInt32WithDefault',
'PropVariantToBoolean',
'PropVariantToUInt64',
'PropVariantToUInt32',
'PropVariantToStringAlloc'],
'LinkerVersion': 187,
'NumberOfImportDLL': 19,
'NumberOfImportFunctions': 703,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 1846912,
'SectionNames': {'.data\x00\x00\x00': 14848,
'.pdata\x00\x00': 52736,
'.rdata\x00\x00': 191488,
'.reloc\x00\x00': 10240,
'.rsrc\x00\x00\x00': 1847296,
'.text\x00\x00\x00': 752128},
'StackReserveSize': 524288,
'filename': './data/malware/6ad07f6615e9de8713b14fb4e12c95960fa24731a94a6e1e540e4f354e842b25'},
'6ae6183b55c18e6ace0216cd0903f3cef52ae00f2dbf0461fc4c66e6e7249854': {'AddressOfEntryPoint': 39104,
'DebugRVA': 9360,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 8192,
'ImageBase': 4294967296,
'ImageVersion': 5,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 5,
'ResSize': 3440,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 2048,
'.rsrc\x00\x00\x00': 346624,
'.text\x00\x00\x00': 57344},
'StackReserveSize': 524288,
'filename': './data/malware/6ae6183b55c18e6ace0216cd0903f3cef52ae00f2dbf0461fc4c66e6e7249854'},
'6b2a17901118712076fc578b12cb46b892d2824f6935297d919af61763ef8608': {'AddressOfEntryPoint': 8912,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 49152,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 8,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 4,
'OSVersion': 4,
'ResSize': 0,
'SectionNames': {'.data\x00\x00\x00': 5632,
'.pdata\x00\x00': 3072,
'.rdata\x00\x00': 15872,
'.text\x00\x00\x00': 44032},
'StackReserveSize': 1048576,
'filename': './data/malware/6b2a17901118712076fc578b12cb46b892d2824f6935297d919af61763ef8608'},
'6b7b54a29b8ab08b35d1a0d83b49249741526e4f2153c7192b06ee90c443a9d1': {'AddressOfEntryPoint': 95629,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'EventWrite',
'COMCTL32.dll': 'PropertySheetW',
'GDI32.dll': 'SetBkColor',
'KERNEL32.dll': 'InitializeCriticalSection',
'OLEAUT32.dll': 'VariantInit',
'RPCRT4.dll': 'UuidCreate',
'SHELL32.dll': 'ShellExecuteExW',
'USER32.dll': 'DestroyWindow',
'UxTheme.dll': 'IsThemeActive',
'VERSION.dll': 'GetFileVersionInfoExW',
'WINMM.dll': 'timeGetTime',
'gdiplus.dll': 'GdipGetImageGraphicsContext',
'msvcrt.dll': '_wcsrev',
'ntdll.dll': 'NtQueryLicenseValue',
'ole32.dll': 'CoCreateInstance'},
'ImportedFunctions': ['SHGetSpecialFolderPathW',
'SHGetFolderPathW',
'ShellAboutW',
'ShellExecuteExW',
'GdipCloneImage',
'GdipCreateBitmapFromScan0',
'GdipCreateHBITMAPFromBitmap',
'GdipCreateFromHDC',
'GdipDrawImageRectI',
'GdipCreateBitmapFromHBITMAP',
'GdipCloneBitmapAreaI',
'GdipSetPageUnit',
'GdipFillRectangleI',
'GdipDeletePen',
'GdipCreatePen1',
'GdipDisposeImage',
'GdipCreateSolidFill',
'GdipDeleteBrush',
'GdipAlloc',
'GdipFree',
'GdiplusShutdown',
'GdiplusStartup',
'GdipDrawArcI',
'GdipSetSmoothingMode',
'GdipSetInterpolationMode',
'GdipDeleteGraphics',
'GdipDrawLineI',
'GdipGetImageGraphicsContext',
'RegEnumKeyExW',
'RegOpenKeyExW',
'RegEnumValueW',
'RegGetValueW',
'RegDeleteKeyW',
'RegQueryInfoKeyW',
'RegQueryValueExW',
'RegSetValueExW',
'QueryServiceConfigW',
'OpenServiceW',
'OpenSCManagerW',
'CloseServiceHandle',
'EventUnregister',
'EventRegister',
'RegCloseKey',
'RegCreateKeyExW',
'EventWrite',
'SysFreeString',
'SysAllocStringByteLen',
'VariantClear',
'SysStringLen',
'SysAllocString',
'VariantInit',
'IsThemeActive',
'CoUninitialize',
'CoInitialize',
'CoCreateInstance',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Add',
'CreatePropertySheetPageW',
'PropertySheetW',
'WinSqmAddToStreamEx',
'RtlInitUnicodeString',
'WinSqmAddToStream',
'WinSqmIncrementDWORD',
'NtQueryLicenseValue',
'lstrlenA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'WideCharToMultiByte',
'GetVersionExA',
'DeleteCriticalSection',
'GetCurrentProcessId',
'LeaveCriticalSection',
'GetModuleHandleW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceW',
'FindResourceExW',
'GetSystemTime',
'WaitForSingleObject',
'CreateEventW',
'CreateThread',
'ResetEvent',
'SetEvent',
'CloseHandle',
'GlobalSize',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'lstrcmpW',
'MulDiv',
'GlobalFindAtomW',
'GetLastError',
'MultiByteToWideChar',
'GetLocalTime',
'GetDateFormatW',
'GetLocaleInfoW',
'WritePrivateProfileStringW',
'GetPrivateProfileStringW',
'lstrcmpiW',
'LoadLibraryW',
'GetProcAddress',
'GetLocaleInfoEx',
'FreeLibrary',
'LoadLibraryExA',
'DelayLoadFailureHook',
'HeapAlloc',
'GetCurrentProcess',
'HeapFree',
'GetProcessHeap',
'Wow64DisableWow64FsRedirection',
'GetVersionExW',
'Wow64RevertWow64FsRedirection',
'GetFileAttributesW',
'GetModuleFileNameW',
'FreeLibraryAndExitThread',
'IsWow64Process',
'LocalFree',
'LocalAlloc',
'LocalReAlloc',
'GetProfileStringW',
'lstrlenW',
'CompareStringW',
'RegisterApplicationRecoveryCallback',
'ApplicationRecoveryInProgress',
'Sleep',
'ApplicationRecoveryFinished',
'RegisterApplicationRestart',
'GetTempFileNameW',
'SystemTimeToFileTime',
'CompareFileTime',
'FileTimeToSystemTime',
'CreateFileW',
'DeleteFileW',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'HeapDestroy',
'HeapReAlloc',
'HeapSize',
'RaiseException',
'EnterCriticalSection',
'InitializeCriticalSection',
'SetWindowLongW',
'SetWindowLongPtrW',
'GetWindowLongPtrW',
'EnableWindow',
'GetWindowTextLengthW',
'GetWindowTextW',
'PostMessageW',
'IsWindowEnabled',
'CharNextA',
'IsClipboardFormatAvailable',
'GetMenuState',
'GetFocus',
'OpenClipboard',
'GetClipboardData',
'InvalidateRect',
'CloseClipboard',
'EmptyClipboard',
'SetClipboardData',
'PostQuitMessage',
'DefWindowProcW',
'LoadAcceleratorsW',
'InsertMenuItemW',
'RegisterClassExW',
'SetWindowPlacement',
'SetForegroundWindow',
'GetMessageW',
'TranslateAcceleratorW',
'GetMessageExtraInfo',
'TranslateMessage',
'DispatchMessageW',
'GetKeyState',
'IsDialogMessageW',
'GetClassNameW',
'GetDC',
'ReleaseDC',
'GetSystemMetrics',
'GetWindowLongW',
'DrawTextW',
'EnumChildWindows',
'SetPropW',
'SystemParametersInfoW',
'GetWindowPlacement',
'UpdateWindow',
'SendDlgItemMessageW',
'IsDlgButtonChecked',
'MoveWindow',
'SetDlgItemInt',
'GetDlgItemInt',
'SetClassLongW',
'GetNextDlgTabItem',
'MonitorFromWindow',
'GetMonitorInfoW',
'OffsetRect',
'EqualRect',
'MonitorFromRect',
'GetClassWord',
'EnumDesktopWindows',
'EnumDisplayMonitors',
'IntersectRect',
'CopyRect',
'CreateDialogParamW',
'GetProcessDefaultLayout',
'CreatePopupMenu',
'TrackPopupMenu',
'GetAncestor',
'FindWindowW',
'DialogBoxParamW',
'CheckMenuItem',
'GetSysColor',
'SetClassLongPtrW',
'GetClassLongPtrW',
'EndDialog',
'SetWindowPos',
'GetDlgItem',
'GetWindowRect',
'SendMessageW',
'MessageBeep',
'LoadCursorW',
'SetCursor',
'DrawMenuBar',
'SetMenuItemInfoW',
'AppendMenuW',
'LoadStringW',
'GetSubMenu',
'RemoveMenu',
'CheckMenuRadioItem',
'SetFocus',
'MapWindowPoints',
'EnableMenuItem',
'GetParent',
'GetMenu',
'GetClientRect',
'LoadImageW',
'UnregisterClassA',
'FillRect',
'SetWindowTextW',
'ShowWindow',
'CreateWindowExW',
'CheckRadioButton',
'DestroyWindow',
'UuidToStringW',
'RpcStringFreeW',
'UuidCreate',
'timeGetTime',
'VerQueryValueW',
'GetFileVersionInfoSizeExW',
'GetFileVersionInfoExW',
'CreatePatternBrush',
'DeleteObject',
'SetBkMode',
'SelectObject',
'GetTextExtentPointW',
'DeleteDC',
'GetRgnBox',
'CreateSolidBrush',
'GetTextMetricsW',
'GetTextExtentPoint32W',
'GetObjectW',
'ExtCreatePen',
'MoveToEx',
'LineTo',
'CreateCompatibleBitmap',
'CreateRectRgn',
'CreateRectRgnIndirect',
'SetRectRgn',
'CombineRgn',
'EqualRgn',
'CreateDIBSection',
'CreateFontIndirectW',
'CreateCompatibleDC',
'GetDeviceCaps',
'SetTextColor',
'GetStockObject',
'SetBkColor',
'_wcsdup',
'_i64tow_s',
'_wtoi64',
'sprintf_s',
'_strtoi64',
'_strtoui64',
'memchr',
'strcspn',
'wcsrchr',
'wcstoul',
'isalpha',
'time',
'difftime',
'memmove',
'memset',
'__C_specific_handler',
'??0exception@@QEAA@AEBQEBDH@Z',
'_CxxThrowException',
'_callnewh',
'__CxxFrameHandler3',
'setlocale',
'__pctype_func',
'___lc_codepage_func',
'___lc_handle_func',
'localeconv',
'_errno',
'___mb_cur_max_func',
'__mb_cur_max',
'__crtGetStringTypeW',
'__crtLCMapStringW',
'__uncaught_exception',
'tolower',
'isspace',
'abort',
'isalnum',
'__getmainargs',
'_XcptFilter',
'_exit',
'_ismbblead',
'_cexit',
'_acmdln',
'_initterm',
'_amsg_exit',
'__setusermatherr',
'_commode',
'_fmode',
'__set_app_type',
'??1type_info@@UEAA@XZ',
'_unlock',
'__dllonexit',
'_lock',
'_onexit',
'?terminate@@YAXXZ',
'iswalpha',
'iswdigit',
'_wcslwr_s',
'_wcsnicmp',
'wcsncmp',
'_itow_s',
'calloc',
'wcschr',
'_wcsicmp',
'_itoa',
'_wtoi',
'_vsnwprintf',
'wcscat_s',
'wcscpy_s',
'wcstol',
'mbstowcs_s',
'exit',
'isdigit',
'isxdigit',
'toupper',
'_purecall',
'malloc',
'??0exception@@QEAA@XZ',
'memmove_s',
'??0exception@@QEAA@AEBQEBD@Z',
'??1exception@@UEAA@XZ',
'?what@exception@@UEBAPEBDXZ',
'memcpy_s',
'??0exception@@QEAA@AEBV0@@Z',
'free',
'memcpy',
'_wcsrev'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 370,
'NumberOfSections': 6,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {'.data\x00\x00\x00': 19968,
'.pdata\x00\x00': 26112,
'.rdata\x00\x00': 69632,
'.reloc\x00\x00': 1024,
'.rsrc\x00\x00\x00': 403456,
'.text\x00\x00\x00': 396800},
'StackReserveSize': 524288,
'filename': './data/malware/6b7b54a29b8ab08b35d1a0d83b49249741526e4f2153c7192b06ee90c443a9d1'},
'6bb4f7b217fa108f6d218aa8acf1c7ca741577073009ed5d265003f05fc09fcd': {'AddressOfEntryPoint': 1381712,
'DebugRVA': 1555264,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 1548288,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 8,
'OSVersion': 5,
'ResSize': 364580,
'SectionNames': {'.data\x00\x00\x00': 32768,
'.pdata\x00\x00': 77824,
'.rdata\x00\x00': 552960,
'.reloc\x00\x00': 78336,
'.rsrc\x00\x00\x00': 365056,
'.text\x00\x00\x00': 1540608,
'data\x00\x00\x00\x00': 2048,
'text\x00\x00\x00\x00': 3072},
'StackReserveSize': 1048576,
'filename': './data/malware/6bb4f7b217fa108f6d218aa8acf1c7ca741577073009ed5d265003f05fc09fcd'},
'6bd17fc3a63470b20bba539be198ea59d800ced03b8362484fce9291e8c22928': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 263180,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 263680,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6bd17fc3a63470b20bba539be198ea59d800ced03b8362484fce9291e8c22928'},
'6be1e343201b56ea7491d6f5be72ac9d4bf41a16920804d7e0f04cefd562d028': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 427200,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 427520,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6be1e343201b56ea7491d6f5be72ac9d4bf41a16920804d7e0f04cefd562d028'},
'6bedfe4ecf7dd924c6374437f1d6e4199b121531cdf20df007c828999198b8bb': {'AddressOfEntryPoint': 4096,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 42980,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'COMCTL32.dll': 'InitCommonControlsEx',
'GDI32.dll': 'SetPixel',
'KERNEL32.dll': 'ReleaseSemaphore',
'OLE32.dll': 'RevokeDragDrop',
'USER32.dll': 'DestroyIcon',
'msvcrt.dll': '_vsnwprintf'},
'ImportedFunctions': ['memset',
'free',
'malloc',
'wcscmp',
'wcsncmp',
'fclose',
'fabs',
'ceil',
'floor',
'wcslen',
'memmove',
'_vsnwprintf',
'GetModuleHandleW',
'HeapCreate',
'HeapDestroy',
'ExitProcess',
'EnterCriticalSection',
'WaitForSingleObject',
'LeaveCriticalSection',
'InitializeCriticalSection',
'CloseHandle',
'CreateThread',
'GetCurrentThreadId',
'GetCurrentProcessId',
'Sleep',
'FreeLibrary',
'HeapFree',
'LoadLibraryW',
'WideCharToMultiByte',
'GetProcAddress',
'HeapAlloc',
'SetLastError',
'TlsAlloc',
'TlsGetValue',
'TlsSetValue',
'HeapReAlloc',
'WaitForMultipleObjects',
'GetCurrentProcess',
'GetCurrentThread',
'DuplicateHandle',
'CreateSemaphoreA',
'ReleaseSemaphore',
'CoInitialize',
'RevokeDragDrop',
'MessageBoxW',
'GetWindowThreadProcessId',
'IsWindowVisible',
'IsWindowEnabled',
'GetForegroundWindow',
'EnableWindow',
'EnumWindows',
'DestroyWindow',
'SetWindowTextW',
'ShowWindow',
'GetSysColor',
'GetSysColorBrush',
'CreateWindowExW',
'SendMessageW',
'RedrawWindow',
'GetWindowLongPtrW',
'CallWindowProcW',
'RemovePropW',
'SetWindowLongPtrW',
'DefWindowProcW',
'SetPropW',
'GetPropW',
'GetParent',
'GetWindow',
'SetActiveWindow',
'UnregisterClassW',
'DestroyAcceleratorTable',
'LoadIconW',
'LoadCursorW',
'SetTimer',
'IsZoomed',
'IsIconic',
'PeekMessageW',
'MsgWaitForMultipleObjects',
'GetMessageW',
'GetActiveWindow',
'TranslateAcceleratorW',
'TranslateMessage',
'DispatchMessageW',
'RegisterClassW',
'AdjustWindowRectEx',
'GetSystemMetrics',
'GetWindowRect',
'CreateAcceleratorTableW',
'SetCursorPos',
'LoadImageW',
'SetCursor',
'MapWindowPoints',
'MoveWindow',
'SystemParametersInfoW',
'GetKeyState',
'SetCapture',
'PostMessageW',
'GetCursorPos',
'ReleaseCapture',
'SetFocus',
'GetFocus',
'IsChild',
'GetClassNameW',
'EnumChildWindows',
'GetClientRect',
'FillRect',
'DefFrameProcW',
'DestroyIcon',
'GetStockObject',
'SetTextColor',
'SetBkColor',
'CreateSolidBrush',
'DeleteObject',
'GetObjectType',
'GetObjectW',
'CreateCompatibleDC',
'GetDIBits',
'DeleteDC',
'CreateDIBSection',
'SelectObject',
'BitBlt',
'CreateBitmap',
'SetPixel',
'InitCommonControls',
'InitCommonControlsEx'],
'LinkerVersion': 2,
'NumberOfImportDLL': 6,
'NumberOfImportFunctions': 125,
'NumberOfSections': 6,
'OSVersion': 4,
'ResSize': 1612,
'SectionNames': {'.code\x00\x00\x00': 3584,
'.data\x00\x00\x00': 5632,
'.pdata\x00\x00': 2048,
'.rdata\x00\x00': 2560,
'.rsrc\x00\x00\x00': 2048,
'.text\x00\x00\x00': 23040},
'StackReserveSize': 1048576,
'filename': './data/malware/6bedfe4ecf7dd924c6374437f1d6e4199b121531cdf20df007c828999198b8bb'},
'6c98b9d6d3b9680c0f0ad39b3fdfc59cbd45a668041bf2dfdc53ee0bf121fcd9': {'AddressOfEntryPoint': 5160,
'DebugRVA': 4528,
'DebugSize': 28,
'Dll': 33120,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 5368709120,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 10,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 330636,
'SectionNames': {'.data\x00\x00\x00': 512,
'.pdata\x00\x00': 512,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 330752,
'.text\x00\x00\x00': 8704},
'StackReserveSize': 524288,
'filename': './data/malware/6c98b9d6d3b9680c0f0ad39b3fdfc59cbd45a668041bf2dfdc53ee0bf121fcd9'},
'6cb6c44e78447e34cd2815aa187381922067de877f0b267534603e7a1d8c84ea': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 195980,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 196096,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6cb6c44e78447e34cd2815aa187381922067de877f0b267534603e7a1d8c84ea'},
'6cdf96b602ec10e4a9a713e471711c4fed02af7d40d435c484d9e55a045e6ba0': {'AddressOfEntryPoint': 1073901021,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 110592,
'ImageBase': 4194304,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'CreateSolidBrush',
'KERNEL32.dll': 'GetTickCount',
'USER32.dll': 'AppendMenuA',
'WINMM.dll': 'timeGetTime',
'hccutils.DLL': 'LoadBITMAP'},
'ImportedFunctions': ['timeGetTime',
'lstrcatA',
'VirtualQuery',
'GetSystemInfo',
'VirtualAlloc',
'VirtualProtect',
'GetStringTypeW',
'GetStringTypeA',
'GetLocaleInfoA',
'LCMapStringW',
'MultiByteToWideChar',
'LCMapStringA',
'HeapReAlloc',
'InitializeCriticalSection',
'FlushFileBuffers',
'SetStdHandle',
'IsBadCodePtr',
'IsBadWritePtr',
'IsBadReadPtr',
'RtlPcToFileHeader',
'GetCPInfo',
'GetOEMCP',
'GetACP',
'HeapCreate',
'HeapSetInformation',
'DeleteCriticalSection',
'GetFileType',
'SetHandleCount',
'GetEnvironmentStringsW',
'WideCharToMultiByte',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetModuleFileNameA',
'GetStdHandle',
'WriteFile',
'HeapSize',
'SetFilePointer',
'LeaveCriticalSection',
'EnterCriticalSection',
'CloseHandle',
'RaiseException',
'TlsGetValue',
'TlsSetValue',
'TlsFree',
'GetLastError',
'SetLastError',
'TlsAlloc',
'GetStartupInfoA',
'GetProcessHeap',
'HeapAlloc',
'HeapFree',
'GetCommandLineA',
'RtlUnwindEx',
'RtlCaptureContext',
'RtlLookupFunctionEntry',
'RtlVirtualUnwind',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'GetCurrentProcess',
'TerminateProcess',
'GetSystemTimeAsFileTime',
'GetCurrentProcessId',
'GetCurrentThreadId',
'QueryPerformanceFrequency',
'QueryPerformanceCounter',
'lstrcmpiA',
'GetModuleHandleA',
'lstrcpynA',
'LoadLibraryA',
'GetProcAddress',
'GetUserDefaultLangID',
'lstrcpyA',
'FreeLibrary',
'Sleep',
'GetVersionExA',
'ExitProcess',
'GetTickCount',
'CreatePopupMenu',
'EnumDisplayMonitors',
'DrawMenuBar',
'ModifyMenuA',
'SetTimer',
'DestroyAcceleratorTable',
'ClipCursor',
'RedrawWindow',
'GetForegroundWindow',
'GetDlgItem',
'EnableWindow',
'wsprintfA',
'GetSubMenu',
'TrackPopupMenuEx',
'GetWindowLongPtrA',
'DialogBoxParamA',
'LoadIconA',
'RegisterClassA',
'LoadMenuA',
'LoadAcceleratorsA',
'TranslateAcceleratorA',
'SetWindowLongA',
'SetWindowPos',
'EndDialog',
'ShowWindow',
'UpdateWindow',
'CreateWindowExA',
'RegisterClassExA',
'BeginPaint',
'EndPaint',
'DrawFocusRect',
'SetCursor',
'InflateRect',
'FrameRect',
'LoadCursorA',
'GetSystemMetrics',
'DeleteMenu',
'PostQuitMessage',
'DestroyWindow',
'KillTimer',
'CopyRect',
'CreateMenu',
'DefWindowProcA',
'GetWindowLongA',
'AdjustWindowRect',
'TrackPopupMenu',
'PostMessageA',
'IsRectEmpty',
'GetMenu',
'GetMenuItemInfoA',
'PeekMessageA',
'GetMessageA',
'TranslateMessage',
'DispatchMessageA',
'GetWindowRect',
'GetCursorPos',
'SetRect',
'GetDC',
'ReleaseDC',
'FindWindowA',
'SetForegroundWindow',
'WindowFromPoint',
'ScreenToClient',
'SetRectEmpty',
'MessageBoxA',
'SendMessageA',
'GetCursorInfo',
'GetIconInfo',
'DrawIconEx',
'DestroyCursor',
'GetClientRect',
'ClientToScreen',
'OffsetRect',
'PtInRect',
'DestroyMenu',
'SetMenu',
'LoadStringA',
'AppendMenuA',
'GetObjectA',
'GetDIBColorTable',
'GetStockObject',
'CreateCompatibleDC',
'CreateCompatibleBitmap',
'SelectObject',
'BitBlt',
'StretchBlt',
'DeleteDC',
'DeleteObject',
'CreateSolidBrush',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegSetValueExA',
'RegCreateKeyExA',
'RegCloseKey',
'FindResources',
'LoadBITMAP'],
'LinkerVersion': 8,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 174,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 6360,
'StackReserveSize': 1048576,
'filename': './data/malware/6cdf96b602ec10e4a9a713e471711c4fed02af7d40d435c484d9e55a045e6ba0'},
'6d475b148222e98a20f165c4868e212788247a4f8e0028afaf5f128c4d0aa715': {'AddressOfEntryPoint': 1013552,
'DebugRVA': 542972,
'DebugSize': 56,
'Dll': 0,
'ExportRVA': 991232,
'ExportSize': 836,
'IATRVA': 544768,
'ImageBase': 65536,
'ImageVersion': 5,
'ImportedDLL': {'HAL.dll': 'KeQueryPerformanceCounter',
'NDIS.SYS': 'NdisCopyBuffer',
'TDI.SYS': 'TdiMapUserRequest',
'ntoskrnl.exe': '__C_specific_handler'},
'ImportedFunctions': ['MmIsThisAnNtAsSystem',
'RtlUnicodeStringToInteger',
'RtlAppendUnicodeToString',
'ExLocalTimeToSystemTime',
'RtlTimeToTimeFields',
'RtlIpv4StringToAddressW',
'ZwEnumerateValueKey',
'KeReadStateEvent',
'KeWaitForSingleObject',
'KeReleaseMutex',
'_wcsicmp',
'wcschr',
'wcsncpy',
'ZwSetInformationThread',
'KeEnterCriticalRegion',
'KeLeaveCriticalRegion',
'KeQueryTimeIncrement',
'KeSetEvent',
'MmLockPagableSectionByHandle',
'ExInitializeNPagedLookasideList',
'KeInitializeDpc',
'KeInitializeTimer',
'KeSetTimerEx',
'KeDelayExecutionThread',
'ExDeleteNPagedLookasideList',
'ExAcquireFastMutex',
'ExReleaseFastMutex',
'ZwOpenKey',
'IoIs32bitProcess',
'ZwQueryValueKey',
'ZwSetValueKey',
'IoGetCurrentProcess',
'IoWMIRegistrationControl',
'IoGetFileObjectGenericMapping',
'RtlMapGenericMask',
'SeExports',
'RtlLengthSid',
'RtlCreateAcl',
'RtlAddAccessAllowedAce',
'ObGetObjectSecurity',
'RtlCreateSecurityDescriptor',
'RtlSetDaclSecurityDescriptor',
'RtlLengthSecurityDescriptor',
'SeSetSecurityDescriptorInfo',
'ZwQuerySystemInformation',
'IoGetDeviceObjectPointer',
'IoBuildDeviceIoControlRequest',
'IofCallDriver',
'ObfDereferenceObject',
'RtlLengthRequiredSid',
'RtlInitializeSid',
'RtlSubAuthoritySid',
'RtlGetAce',
'RtlAddAce',
'RtlGetDaclSecurityDescriptor',
'RtlGetOwnerSecurityDescriptor',
'RtlGetGroupSecurityDescriptor',
'RtlGetSaclSecurityDescriptor',
'RtlSelfRelativeToAbsoluteSD',
'ObSetSecurityObjectByPointer',
'VerSetConditionMask',
'RtlVerifyVersionInfo',
'ExNotifyCallback',
'ExCreateCallback',
'KeInitializeTimerEx',
'ExGetCurrentProcessorCounts',
'DbgBreakPoint',
'KeSetTargetProcessorDpc',
'KeBugCheck',
'ObfReferenceObject',
'PsGetCurrentProcessId',
'PsGetCurrentProcess',
'KeInsertQueueDpc',
'IoAllocateMdl',
'MmBuildMdlForNonPagedPool',
'ObReferenceObjectByHandle',
'IoFileObjectType',
'MmUnlockPages',
'MmProbeAndLockPages',
'ObDereferenceSecurityDescriptor',
'SeLockSubjectContext',
'SeAccessCheck',
'SeAppendPrivileges',
'SeFreePrivileges',
'SeUnlockSubjectContext',
'RtlQueryRegistryValues',
'ProbeForWrite',
'SeAssignSecurity',
'ObLogSecurityDescriptor',
'RtlSetBit',
'KeInitializeMutex',
'IoDeleteDevice',
'IoCreateSymbolicLink',
'IoCreateDevice',
'ExQueryDepthSList',
'KeReleaseInStackQueuedSpinLockFromDpcLevel',
'KeAcquireInStackQueuedSpinLockAtDpcLevel',
'KeReleaseInStackQueuedSpinLock',
'KeAcquireInStackQueuedSpinLock',
'ExpInterlockedPushEntrySList',
'ExpInterlockedPopEntrySList',
'MmQuerySystemSize',
'ZwClose',
'RtlCompareUnicodeString',
'RtlSetBits',
'RtlClearAllBits',
'RtlInitializeBitMap',
'RtlAreBitsSet',
'RtlFindClearRuns',
'RtlClearBits',
'RtlFindClearBitsAndSet',
'DbgPrint',
'ZwLoadDriver',
'RtlAppendUnicodeStringToString',
'KeResetEvent',
'RtlCopyUnicodeString',
'IofCompleteRequest',
'IoReleaseCancelSpinLock',
'IoAcquireCancelSpinLock',
'ExInterlockedAddUlong',
'MmMapLockedPagesSpecifyCache',
'IoFreeMdl',
'ExInterlockedInsertTailList',
'MmUnlockPagableImageSection',
'MmLockPagableDataSection',
'RtlUnicodeStringToAnsiString',
'KeClearEvent',
'KeCancelTimer',
'RtlInitUnicodeString',
'RtlPrefetchMemoryNonTemporal',
'MmMapLockedPages',
'IoRaiseInformationalHardError',
'RtlAnsiStringToUnicodeString',
'ExAllocatePoolWithTag',
'KeTestSpinLock',
'KeReleaseSpinLockFromDpcLevel',
'KeAcquireSpinLockAtDpcLevel',
'KeAcquireSpinLockRaiseToDpc',
'ExFreePoolWithTag',
'KeInitializeEvent',
'ExAllocatePoolWithTagPriority',
'KeReleaseSpinLock',
'KeNumberProcessors',
'ObReleaseObjectSecurity',
'KeBugCheckEx',
'InitializeSListHead',
'ZwCreateFile',
'ZwDeviceIoControlFile',
'__C_specific_handler',
'KeQueryPerformanceCounter',
'NdisRequest',
'NdisUnchainBufferAtFront',
'NdisFreePacket',
'NdisAllocatePacket',
'NdisCloseAdapter',
'NdisCancelSendPackets',
'NdisGetReceivedPacket',
'NdisCompletePnPEvent',
'NdisQueryAdapterInstanceName',
'NdisFreeMemory',
'NdisRegisterProtocol',
'NdisFreePacketPool',
'NdisAllocatePacketPoolEx',
'NdisOpenAdapter',
'NdisGetDriverHandle',
'NdisAllocateBuffer',
'NdisReturnPackets',
'NdisSetPacketPoolProtocolId',
'NdisCompleteBindAdapter',
'NdisReEnumerateProtocolBindings',
'NdisAllocateBufferPool',
'NdisFreeBufferPool',
'NdisDestroyBlockPool',
'NdisGetVersion',
'NdisGetRoutineAddress',
'NdisCopyBuffer',
'CTEBlockWithTracker',
'CTESystemUpTime',
'CTEBlock',
'CTEInitEvent',
'CTEScheduleDelayedEvent',
'CTESignal',
'CTEStartTimer',
'CTELogEvent',
'CTEInitTimer',
'TdiRegisterNetAddress',
'TdiDeregisterNetAddress',
'TdiProviderReady',
'TdiRegisterDeviceObject',
'TdiDeregisterDeviceObject',
'CTEInitialize',
'CTEScheduleEvent',
'TdiRegisterProvider',
'TdiDeregisterProvider',
'TdiPnPPowerRequest',
'TdiCopyMdlChainToMdlChain',
'TdiInitialize',
'TdiDeregisterPnPHandlers',
'TdiCopyBufferToMdlWithReservedMappingAtDpcLevel',
'TdiRegisterPnPHandlers',
'TdiCopyBufferToMdl',
'CTEInsertBlockTracker',
'CTERemoveBlockTracker',
'TdiMapUserRequest'],
'LinkerVersion': 8,
'NumberOfImportDLL': 4,
'NumberOfImportFunctions': 204,
'NumberOfSections': 11,
'OSVersion': 5,
'ResSize': 1008,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.edata\x00\x00': 1024,
'.pdata\x00\x00': 99840,
'.rdata\x00\x00': 96768,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 539136,
'INIT\x00\x00\x00\x00': 41472,
'PAGE\x00\x00\x00\x00': 11264,
'PAGEIPMc': 15360,
'PAGELK\x00\x00': 3072},
'StackReserveSize': 262144,
'filename': './data/malware/6d475b148222e98a20f165c4868e212788247a4f8e0028afaf5f128c4d0aa715'},
'6d5aa16e97689af6d6464aee85edd7160a929a2f0c351b43104eacd0adf1c042': {'AddressOfEntryPoint': 51656,
'DebugRVA': 5424,
'DebugSize': 28,
'Dll': 32832,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 9,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 151,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 647384,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 647680,
'.text\x00\x00\x00': 55296},
'StackReserveSize': 524288,
'filename': './data/malware/6d5aa16e97689af6d6464aee85edd7160a929a2f0c351b43104eacd0adf1c042'},
'6d7ea30f0b4a32dd8a6d26d3ff062317253bf0966c02be782b5b73e7b1149e5b': {'AddressOfEntryPoint': 107836,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 602112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'LineTo',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'SafeArrayAllocData',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'IsWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'IIDFromString'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'WideCharToMultiByte',
'lstrcpyW',
'MultiByteToWideChar',
'lstrlenW',
'lstrcmpiW',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'GetProcessHeap',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetLocalTime',
'CompareStringW',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetSystemDirectoryW',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetDateFormatW',
'GetTimeFormatW',
'EncodePointer',
'DecodePointer',
'ExitProcess',
'ExitThread',
'GetCommandLineW',
'GetStartupInfoW',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'FlsGetValue',
'FlsSetValue',
'FlsFree',
'SetLastError',
'FlsAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetStringTypeW',
'HeapSetInformation',
'GetVersion',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'SetFilePointer',
'GetTimeZoneInformation',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetTickCount',
'HeapReAlloc',
'WriteConsoleW',
'SetEndOfFile',
'LockResource',
'SetEnvironmentVariableA',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'LockWindowUpdate',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsCharLowerW',
'TrackPopupMenuEx',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'GetClipboardData',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'GetDesktopWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'IsCharAlphaNumericW',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'IsMenu',
'CloseClipboard',
'CloseWindowStation',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'IsClipboardFormatAvailable',
'OpenClipboard',
'BlockInput',
'SystemParametersInfoW',
'GetMessageW',
'IsWindow',
'DeleteObject',
'AngleArc',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'GetDeviceCaps',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'SetViewportOrgEx',
'GetObjectW',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'LineTo',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'LogonUserW',
'GetTokenInformation',
'LockServiceDatabase',
'GetSecurityDescriptorDacl',
'GetAclInformation',
'GetAce',
'AddAce',
'SetSecurityDescriptorDacl',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'InitiateSystemShutdownExW',
'OpenSCManagerW',
'RegCloseKey',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CLSIDFromString',
'StringFromGUID2',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'ProgIDFromCLSID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'IIDFromString',
'VarR8FromDec',
'VariantTimeToSystemTime',
'SysStringLen',
'VariantChangeType',
'VariantCopyInd',
'DispCallFunc',
'CreateStdDispatch',
'CreateDispTypeInfo',
'SysFreeString',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayUnaccessData',
'SafeArrayAccessData',
'VariantInit',
'VariantClear',
'VariantCopy',
'SysAllocString',
'SafeArrayCreateVector',
'SafeArrayAllocDescriptorEx',
'OleLoadPicture',
'GetActiveObject',
'QueryPathOfRegTypeLib',
'SafeArrayDestroyDescriptor',
'SafeArrayAllocData'],
'LinkerVersion': 10,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 519,
'NumberOfSections': 7,
'OSVersion': 5,
'ResSize': 37672,
'SectionNames': {'.data\x00\x00\x00': 30720,
'.pdata\x00\x00': 28672,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 596992,
'data\x00\x00\x00\x00': 18944,
'text\x00\x00\x00\x00': 7168},
'StackReserveSize': 4194304,
'filename': './data/malware/6d7ea30f0b4a32dd8a6d26d3ff062317253bf0966c02be782b5b73e7b1149e5b'},
'6da809b7eba9044a0f1f764c5436e0de8a0c5a7fe810b8adad4dff4812d99fd9': {'AddressOfEntryPoint': 119932,
'DebugRVA': 0,
'DebugSize': 0,
'Dll': 33024,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 618496,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'GetSecurityDescriptorDacl',
'COMCTL32.dll': 'ImageList_Destroy',
'COMDLG32.dll': 'GetOpenFileNameW',
'GDI32.dll': 'SetViewportOrgEx',
'KERNEL32.dll': 'SetEnvironmentVariableA',
'MPR.dll': 'WNetUseConnectionW',
'OLEAUT32.dll': 'VarR8FromDec',
'PSAPI.DLL': 'EnumProcessModules',
'SHELL32.dll': 'DragFinish',
'USER32.dll': 'GetDesktopWindow',
'USERENV.dll': 'LoadUserProfileW',
'VERSION.dll': 'GetFileVersionInfoSizeW',
'WININET.dll': 'InternetQueryDataAvailable',
'WINMM.dll': 'mciSendStringW',
'WSOCK32.dll': 'recv',
'ole32.dll': 'OleUninitialize'},
'ImportedFunctions': ['__WSAFDIsSet',
'setsockopt',
'ntohs',
'recvfrom',
'sendto',
'htons',
'select',
'listen',
'WSAStartup',
'bind',
'closesocket',
'connect',
'socket',
'send',
'WSACleanup',
'ioctlsocket',
'accept',
'WSAGetLastError',
'inet_addr',
'gethostbyname',
'gethostname',
'recv',
'VerQueryValueW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'timeGetTime',
'waveOutSetVolume',
'mciSendStringW',
'ImageList_Remove',
'ImageList_SetDragCursorImage',
'ImageList_BeginDrag',
'ImageList_DragEnter',
'ImageList_DragLeave',
'ImageList_EndDrag',
'ImageList_DragMove',
'ImageList_ReplaceIcon',
'ImageList_Create',
'InitCommonControlsEx',
'ImageList_Destroy',
'WNetCancelConnection2W',
'WNetGetConnectionW',
'WNetAddConnection2W',
'WNetUseConnectionW',
'InternetReadFile',
'InternetCloseHandle',
'InternetOpenW',
'InternetSetOptionW',
'InternetCrackUrlW',
'HttpQueryInfoW',
'InternetConnectW',
'HttpOpenRequestW',
'HttpSendRequestW',
'FtpOpenFileW',
'FtpGetFileSize',
'InternetOpenUrlW',
'InternetQueryOptionW',
'InternetQueryDataAvailable',
'EnumProcesses',
'GetModuleBaseNameW',
'GetProcessMemoryInfo',
'EnumProcessModules',
'CreateEnvironmentBlock',
'DestroyEnvironmentBlock',
'UnloadUserProfile',
'LoadUserProfileW',
'HeapAlloc',
'Sleep',
'GetCurrentThreadId',
'RaiseException',
'MulDiv',
'GetVersionExW',
'GetSystemInfo',
'MultiByteToWideChar',
'WideCharToMultiByte',
'GetModuleHandleW',
'QueryPerformanceCounter',
'VirtualFreeEx',
'OpenProcess',
'VirtualAllocEx',
'WriteProcessMemory',
'ReadProcessMemory',
'CreateFileW',
'SetFilePointerEx',
'ReadFile',
'WriteFile',
'FlushFileBuffers',
'TerminateProcess',
'CreateToolhelp32Snapshot',
'Process32FirstW',
'Process32NextW',
'SetFileTime',
'GetFileAttributesW',
'FindFirstFileW',
'FindClose',
'DeleteFileW',
'FindNextFileW',
'lstrcmpiW',
'MoveFileW',
'CopyFileW',
'CreateDirectoryW',
'RemoveDirectoryW',
'SetSystemPowerState',
'QueryPerformanceFrequency',
'FindResourceW',
'LoadResource',
'LockResource',
'SizeofResource',
'EnumResourceNamesW',
'OutputDebugStringW',
'GetProcessHeap',
'CompareStringW',
'CompareStringA',
'DeleteCriticalSection',
'EnterCriticalSection',
'LeaveCriticalSection',
'InitializeCriticalSectionAndSpinCount',
'GetStdHandle',
'CreatePipe',
'TerminateThread',
'GetTempPathW',
'GetTempFileNameW',
'VirtualFree',
'FormatMessageW',
'GetExitCodeProcess',
'SetErrorMode',
'GetPrivateProfileStringW',
'WritePrivateProfileStringW',
'GetPrivateProfileSectionW',
'WritePrivateProfileSectionW',
'GetPrivateProfileSectionNamesW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'SystemTimeToFileTime',
'LocalFileTimeToFileTime',
'GetDriveTypeW',
'GetDiskFreeSpaceExW',
'GetDiskFreeSpaceW',
'GetVolumeInformationW',
'SetVolumeLabelW',
'CreateHardLinkW',
'DeviceIoControl',
'SetFileAttributesW',
'GetShortPathNameW',
'CreateEventW',
'SetEvent',
'GetEnvironmentVariableW',
'SetEnvironmentVariableW',
'GlobalLock',
'GlobalUnlock',
'GlobalAlloc',
'GetFileSize',
'GlobalFree',
'GlobalMemoryStatusEx',
'Beep',
'GetComputerNameW',
'GetWindowsDirectoryW',
'GetSystemDirectoryW',
'GetCurrentProcessId',
'GetCurrentThread',
'GetProcessIoCounters',
'CreateProcessW',
'SetPriorityClass',
'LoadLibraryW',
'VirtualAlloc',
'LoadLibraryExW',
'HeapFree',
'WaitForSingleObject',
'CreateThread',
'DuplicateHandle',
'GetLastError',
'CloseHandle',
'GetCurrentProcess',
'GetProcAddress',
'LoadLibraryA',
'FreeLibrary',
'GetModuleFileNameW',
'GetFullPathNameW',
'ExitProcess',
'ExitThread',
'GetSystemTimeAsFileTime',
'ResumeThread',
'GetStartupInfoW',
'EncodePointer',
'DecodePointer',
'FlsGetValue',
'FlsSetValue',
'SetCurrentDirectoryW',
'IsDebuggerPresent',
'GetCurrentDirectoryW',
'FlsFree',
'SetLastError',
'FlsAlloc',
'HeapSize',
'RtlUnwindEx',
'GetCPInfo',
'GetACP',
'GetOEMCP',
'IsValidCodePage',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'RtlPcToFileHeader',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'SetHandleCount',
'GetFileType',
'GetStartupInfoA',
'SetStdHandle',
'GetConsoleCP',
'GetConsoleMode',
'LCMapStringW',
'LCMapStringA',
'SetFilePointer',
'GetTimeZoneInformation',
'GetDateFormatA',
'GetTimeFormatA',
'FreeEnvironmentStringsW',
'GetEnvironmentStringsW',
'GetCommandLineW',
'GetTickCount',
'HeapReAlloc',
'GetStringTypeA',
'GetStringTypeW',
'GetLocaleInfoA',
'WriteConsoleA',
'GetConsoleOutputCP',
'WriteConsoleW',
'CreateFileA',
'SetEndOfFile',
'GetLocalTime',
'SetEnvironmentVariableA',
'IsCharLowerW',
'IsCharUpperW',
'GetMenuStringW',
'GetSubMenu',
'GetCaretPos',
'IsZoomed',
'GetWindowLongW',
'MonitorFromPoint',
'GetMonitorInfoW',
'SetWindowLongW',
'SetLayeredWindowAttributes',
'FlashWindow',
'GetClassLongPtrW',
'TranslateAcceleratorW',
'IsDialogMessageW',
'GetSysColor',
'InflateRect',
'DrawFocusRect',
'DrawTextW',
'FrameRect',
'DrawFrameControl',
'FillRect',
'PtInRect',
'DestroyAcceleratorTable',
'CreateAcceleratorTableW',
'SetCursor',
'GetWindowDC',
'GetSystemMetrics',
'SetWindowLongPtrW',
'GetActiveWindow',
'CharNextW',
'wsprintfW',
'RedrawWindow',
'DrawMenuBar',
'DestroyMenu',
'SetMenu',
'GetWindowTextLengthW',
'CreateMenu',
'IsDlgButtonChecked',
'DefDlgProcW',
'ReleaseCapture',
'SetCapture',
'WindowFromPoint',
'DispatchMessageW',
'TranslateMessage',
'PeekMessageW',
'UnregisterHotKey',
'CharLowerBuffW',
'MonitorFromRect',
'LoadImageW',
'CreateIconFromResourceEx',
'mouse_event',
'ExitWindowsEx',
'SetActiveWindow',
'FindWindowExW',
'EnumThreadWindows',
'SetMenuDefaultItem',
'InsertMenuItemW',
'IsMenu',
'IsCharAlphaNumericW',
'GetCursorPos',
'DeleteMenu',
'CheckMenuRadioItem',
'GetMenuItemID',
'GetMenuItemCount',
'SetMenuItemInfoW',
'GetMenuItemInfoW',
'SetForegroundWindow',
'IsIconic',
'FindWindowW',
'IsClipboardFormatAvailable',
'keybd_event',
'SendInput',
'GetAsyncKeyState',
'SetKeyboardState',
'GetKeyboardState',
'GetKeyState',
'VkKeyScanW',
'LoadStringW',
'DialogBoxParamW',
'MessageBeep',
'EndDialog',
'SendDlgItemMessageW',
'GetDlgItem',
'SetWindowTextW',
'CopyRect',
'ReleaseDC',
'GetDC',
'EndPaint',
'BeginPaint',
'GetClientRect',
'GetMenu',
'DestroyWindow',
'EnumWindows',
'IsWindow',
'IsWindowEnabled',
'IsWindowVisible',
'EnableWindow',
'InvalidateRect',
'GetWindowLongPtrW',
'GetWindowThreadProcessId',
'AttachThreadInput',
'GetFocus',
'GetWindowTextW',
'ScreenToClient',
'SendMessageTimeoutW',
'EnumChildWindows',
'CharUpperBuffW',
'GetClassNameW',
'GetParent',
'GetDlgCtrlID',
'SendMessageW',
'MapVirtualKeyW',
'PostMessageW',
'GetWindowRect',
'SetUserObjectSecurity',
'GetUserObjectSecurity',
'CloseDesktop',
'CloseWindowStation',
'IsCharAlphaW',
'GetKeyboardLayoutNameW',
'ClientToScreen',
'RegisterHotKey',
'GetCursorInfo',
'SetWindowPos',
'CopyImage',
'AdjustWindowRectEx',
'SetRect',
'SetClipboardData',
'EmptyClipboard',
'CountClipboardFormats',
'CloseClipboard',
'TrackPopupMenuEx',
'GetClipboardData',
'OpenDesktopW',
'SetProcessWindowStation',
'GetProcessWindowStation',
'OpenWindowStationW',
'MessageBoxW',
'DefWindowProcW',
'MoveWindow',
'SetFocus',
'PostQuitMessage',
'KillTimer',
'CreatePopupMenu',
'RegisterWindowMessageW',
'SetTimer',
'ShowWindow',
'CreateWindowExW',
'RegisterClassExW',
'LoadIconW',
'LoadCursorW',
'GetSysColorBrush',
'GetForegroundWindow',
'MessageBoxA',
'DestroyIcon',
'OpenClipboard',
'BlockInput',
'GetMessageW',
'SystemParametersInfoW',
'LockWindowUpdate',
'GetDesktopWindow',
'DeleteObject',
'GetObjectW',
'GetTextExtentPoint32W',
'ExtCreatePen',
'StrokeAndFillPath',
'StrokePath',
'EndPath',
'SetPixel',
'CloseFigure',
'CreateCompatibleBitmap',
'CreateCompatibleDC',
'SelectObject',
'StretchBlt',
'GetDIBits',
'LineTo',
'AngleArc',
'MoveToEx',
'Ellipse',
'PolyDraw',
'BeginPath',
'Rectangle',
'GetDeviceCaps',
'SetBkMode',
'RoundRect',
'SetBkColor',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'CreateFontW',
'GetTextFaceW',
'GetStockObject',
'CreateDCW',
'GetPixel',
'DeleteDC',
'SetViewportOrgEx',
'GetSaveFileNameW',
'GetOpenFileNameW',
'RegEnumValueW',
'RegDeleteValueW',
'RegDeleteKeyW',
'RegSetValueExW',
'RegCreateKeyExW',
'GetUserNameW',
'RegConnectRegistryW',
'RegEnumKeyExW',
'CloseServiceHandle',
'UnlockServiceDatabase',
'LockServiceDatabase',
'OpenSCManagerW',
'InitiateSystemShutdownExW',
'AdjustTokenPrivileges',
'RegCloseKey',
'RegQueryValueExW',
'RegOpenKeyExW',
'OpenThreadToken',
'OpenProcessToken',
'LookupPrivilegeValueW',
'DuplicateTokenEx',
'CreateProcessAsUserW',
'CreateProcessWithLogonW',
'InitializeSecurityDescriptor',
'InitializeAcl',
'GetLengthSid',
'CopySid',
'SetSecurityDescriptorDacl',
'LogonUserW',
'GetTokenInformation',
'GetAclInformation',
'GetAce',
'AddAce',
'GetSecurityDescriptorDacl',
'DragQueryPoint',
'ShellExecuteExW',
'SHGetFolderPathW',
'DragQueryFileW',
'SHEmptyRecycleBinW',
'SHBrowseForFolderW',
'SHFileOperationW',
'SHGetPathFromIDListW',
'SHGetDesktopFolder',
'SHGetMalloc',
'ExtractIconExW',
'Shell_NotifyIconW',
'ShellExecuteW',
'DragFinish',
'OleSetMenuDescriptor',
'MkParseDisplayName',
'OleSetContainedObject',
'CoInitialize',
'CoUninitialize',
'CoCreateInstance',
'CreateStreamOnHGlobal',
'CoTaskMemAlloc',
'CoTaskMemFree',
'CLSIDFromString',
'StringFromCLSID',
'IIDFromString',
'StringFromIID',
'OleInitialize',
'CreateBindCtx',
'CLSIDFromProgID',
'CoInitializeSecurity',
'CoCreateInstanceEx',
'CoSetProxyBlanket',
'OleUninitialize',
'SafeArrayAllocData',
'SafeArrayAllocDescriptorEx',
'SysAllocString',
'OleLoadPicture',
'SafeArrayGetVartype',
'SafeArrayDestroyData',
'SafeArrayAccessData',
'VariantInit',
'VariantCopy',
'VariantClear',
'VariantTimeToSystemTime',
'SafeArrayDestroyDescriptor',
'LoadRegTypeLib',
'GetActiveObject',
'SafeArrayUnaccessData',
'VarR8FromDec'],
'LinkerVersion': 9,
'NumberOfImportDLL': 16,
'NumberOfImportFunctions': 517,
'NumberOfSections': 5,
'OSVersion': 5,
'ResSize': 37528,
'SectionNames': {'.data\x00\x00\x00': 30208,
'.pdata\x00\x00': 27648,
'.rdata\x00\x00': 88064,
'.rsrc\x00\x00\x00': 37888,
'.text\x00\x00\x00': 613376},
'StackReserveSize': 4194304,
'filename': './data/malware/6da809b7eba9044a0f1f764c5436e0de8a0c5a7fe810b8adad4dff4812d99fd9'},
'6daccdfab365667009132e7c938a6dceab09dbf11d9df8678cc7dcfe8abc3973': {'AddressOfEntryPoint': 1074947281,
'DebugRVA': 851744,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 847872,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMCTL32.dll': 'PropertySheetW',
'COMDLG32.dll': 'ChooseFontW',
'GDI32.dll': 'DeleteObject',
'KERNEL32.dll': 'GetLogicalDrives',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHGetSpecialFolderLocation',
'SHLWAPI.dll': 'SHAutoComplete',
'USER32.dll': 'BeginPaint',
'UxTheme.dll': 'IsThemeActive',
'ole32.dll': 'CoInitializeEx'},
'ImportedFunctions': ['InitCommonControlsEx',
'ImageList_ReplaceIcon',
'CreateStatusWindowW',
'ImageList_Destroy',
'ImageList_Create',
'ImageList_Remove',
'ImageList_Add',
'ImageList_AddMasked',
'PropertySheetW',
'StrCmpLogicalW',
'SHAutoComplete',
'IsAppThemed',
'IsThemeActive',
'ReadFile',
'GetStdHandle',
'WriteFile',
'GetDriveTypeA',
'GetDiskFreeSpaceA',
'GetVolumeInformationA',
'GetFileAttributesA',
'SetFileAttributesA',
'SetFileAttributesW',
'MoveFileA',
'DeleteFileW',
'DeleteFileA',
'RemoveDirectoryW',
'RemoveDirectoryA',
'DeviceIoControl',
'CreateDirectoryA',
'CreateDirectoryW',
'ExpandEnvironmentStringsW',
'FindNextFileA',
'FindFirstFileA',
'GetDiskFreeSpaceW',
'Sleep',
'GetVersionExW',
'CompareFileTime',
'FindCloseChangeNotification',
'FindFirstChangeNotificationW',
'GetLocaleInfoW',
'GetNumberFormatW',
'CreateThread',
'ExitThread',
'GetProcessAffinityMask',
'SetEvent',
'ResetEvent',
'SetThreadPriority',
'GetCurrentThread',
'WaitForMultipleObjects',
'CreateEventW',
'GetFullPathNameA',
'GetFullPathNameW',
'GetModuleFileNameA',
'CopyFileW',
'GetCompressedFileSizeW',
'FindResourceW',
'SizeofResource',
'LoadResource',
'LoadLibraryExW',
'GetCurrentProcessId',
'UpdateResourceW',
'EnumResourceLanguagesW',
'EndUpdateResourceW',
'EnumResourceNamesW',
'BeginUpdateResourceW',
'CompareStringA',
'SetPriorityClass',
'SetCurrentDirectoryA',
'GetCurrentDirectoryA',
'WideCharToMultiByte',
'CompareStringW',
'IsDBCSLeadByte',
'GetCPInfo',
'GlobalMemoryStatus',
'GetVolumeInformationW',
'CreateFileA',
'SetCurrentDirectoryW',
'ResumeThread',
'SuspendThread',
'GetSystemTimeAsFileTime',
'GetCurrentThreadId',
'GetDateFormatA',
'GetTimeFormatA',
'GetLocalTime',
'GetThreadPriority',
'GetPriorityClass',
'SetErrorMode',
'MulDiv',
'FindNextChangeNotification',
'HeapFree',
'HeapAlloc',
'GetProcessHeap',
'LeaveCriticalSection',
'EnterCriticalSection',
'LoadLibraryA',
'QueryPerformanceCounter',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetStringTypeW',
'GetStringTypeA',
'GetConsoleMode',
'GetConsoleCP',
'InitializeCriticalSectionAndSpinCount',
'SetHandleCount',
'HeapSize',
'DeleteCriticalSection',
'LCMapStringW',
'LCMapStringA',
'IsValidCodePage',
'GetOEMCP',
'GetACP',
'FlsAlloc',
'FlsFree',
'FlsSetValue',
'FlsGetValue',
'DecodePointer',
'EncodePointer',
'HeapCreate',
'HeapSetInformation',
'ExitProcess',
'RtlCaptureContext',
'RtlVirtualUnwind',
'IsDebuggerPresent',
'SetUnhandledExceptionFilter',
'UnhandledExceptionFilter',
'TerminateProcess',
'GetStartupInfoA',
'GetCommandLineA',
'SetStdHandle',
'RtlPcToFileHeader',
'RaiseException',
'RtlUnwindEx',
'RtlLookupFunctionEntry',
'HeapReAlloc',
'GetFileType',
'GetFileTime',
'SetEndOfFile',
'SetFilePointer',
'FlushFileBuffers',
'SetFileTime',
'BackupSeek',
'BackupRead',
'CreateFileW',
'GetCurrentProcess',
'FormatMessageW',
'LocalFree',
'GetCurrentDirectoryW',
'MoveFileW',
'CreateMutexW',
'ReleaseMutex',
'GetLastError',
'GlobalSize',
'GlobalAlloc',
'GlobalLock',
'GlobalUnlock',
'GlobalFree',
'MultiByteToWideChar',
'WriteConsoleW',
'GetVersionExA',
'GetTickCount',
'GetSystemTime',
'SystemTimeToFileTime',
'CreateFileMappingW',
'WaitForSingleObject',
'OpenFileMappingW',
'MapViewOfFile',
'UnmapViewOfFile',
'CloseHandle',
'GetTempPathW',
'GetCommandLineW',
'GetModuleFileNameW',
'FindNextFileW',
'LoadLibraryW',
'LocalFileTimeToFileTime',
'FreeLibrary',
'GetTempPathA',
'ExpandEnvironmentStringsA',
'GetDriveTypeW',
'FileTimeToDosDateTime',
'FindFirstFileW',
'FileTimeToLocalFileTime',
'FileTimeToSystemTime',
'GetTimeFormatW',
'GetDateFormatW',
'FindClose',
'DosDateTimeToFileTime',
'GetFileAttributesW',
'GetModuleHandleW',
'GetProcAddress',
'SetLastError',
'GetLocaleInfoA',
'SetEnvironmentVariableA',
'WriteConsoleA',
'GetConsoleOutputCP',
'GetLogicalDrives',
'LoadIconW',
'PtInRect',
'ScrollWindowEx',
'SetScrollPos',
'CreateDialogParamW',
'PostThreadMessageW',
'IsChild',
'GetLastActivePopup',
'GetMenuItemID',
'GetClipboardData',
'SetMenu',
'InsertMenuW',
'LoadMenuW',
'PostQuitMessage',
'RegisterClassW',
'LoadAcceleratorsW',
'GetMenuState',
'GetMessageW',
'CopyRect',
'ValidateRect',
'GetSysColor',
'CopyImage',
'FillRect',
'ExitWindowsEx',
'CharUpperA',
'CharLowerA',
'DrawIconEx',
'LoadStringW',
'GetWindow',
'SetMenuItemInfoW',
'GetWindowLongW',
'SetWindowLongW',
'GetSystemMenu',
'KillTimer',
'SetTimer',
'SystemParametersInfoW',
'RedrawWindow',
'GetComboBoxInfo',
'SetScrollRange',
'IsCharAlphaW',
'CharLowerW',
'OpenClipboard',
'TranslateMessage',
'SetClipboardData',
'CharToOemA',
'CloseClipboard',
'MessageBeep',
'PeekMessageW',
'CharUpperW',
'GetFocus',
'EnableMenuItem',
'MoveWindow',
'CheckMenuItem',
'LoadBitmapW',
'InsertMenuItemW',
'LoadImageW',
'EndPaint',
'IsWindow',
'SetWindowTextW',
'GetClientRect',
'UpdateWindow',
'GetWindowTextLengthW',
'AppendMenuW',
'DrawMenuBar',
'GetMenu',
'GetSubMenu',
'DeleteMenu',
'GetMenuItemCount',
'GetMenuItemInfoW',
'CharToOemBuffW',
'ScreenToClient',
'ClientToScreen',
'CreatePopupMenu',
'SetWindowLongPtrW',
'TrackPopupMenu',
'DestroyMenu',
'CallWindowProcW',
'RegisterClipboardFormatW',
'GetKeyState',
'CreateDialogIndirectParamW',
'BringWindowToTop',
'SetWindowPlacement',
'GetPropW',
'RemovePropW',
'GetIconInfo',
'CreateIconIndirect',
'TranslateAcceleratorW',
'IsDialogMessageW',
'SetPropW',
'FindWindowW',
'GetForegroundWindow',
'RegisterWindowMessageW',
'FindWindowExW',
'EnumWindows',
'CreateIcon',
'SetForegroundWindow',
'GetDlgItemTextA',
'SetDlgItemTextA',
'FlashWindow',
'IsCharUpperW',
'RegisterClassExW',
'SendMessageW',
'SetFocus',
'GetWindowTextW',
'DefWindowProcW',
'CreateWindowExW',
'DestroyWindow',
'SetDlgItemTextW',
'EndDialog',
'EmptyClipboard',
'DispatchMessageW',
'LoadCursorW',
'SetCursor',
'WindowFromPoint',
'GetWindowThreadProcessId',
'GetDC',
'ReleaseDC',
'GetDesktopWindow',
'GetCursorPos',
'GetWindowLongPtrW',
'ShowWindow',
'EnableWindow',
'IntersectRect',
'SystemParametersInfoA',
'IsIconic',
'GetWindowPlacement',
'GetSystemMetrics',
'IsWindowEnabled',
'SetDlgItemInt',
'GetDlgItemInt',
'IsDlgButtonChecked',
'PostMessageW',
'EnumChildWindows',
'GetClassNameW',
'GetWindowRect',
'MapWindowPoints',
'SetWindowPos',
'InvalidateRect',
'GetParent',
'CheckDlgButton',
'MessageBoxW',
'IsWindowVisible',
'OemToCharBuffA',
'CharToOemBuffA',
'DialogBoxParamW',
'DestroyIcon',
'GetDlgItem',
'SendDlgItemMessageW',
'OemToCharA',
'GetDlgItemTextW',
'BeginPaint',
'LineTo',
'MoveToEx',
'Rectangle',
'GetTextExtentPoint32W',
'CreatePatternBrush',
'TextOutA',
'SetMapMode',
'DPtoLP',
'CreateBitmap',
'SetPixel',
'GetMapMode',
'CreateCompatibleBitmap',
'StretchBlt',
'SetBkColor',
'ExtTextOutW',
'BitBlt',
'GetObjectW',
'CreateCompatibleDC',
'GetPixel',
'DeleteDC',
'CreatePen',
'CreateSolidBrush',
'SetTextColor',
'TextOutW',
'Polygon',
'Polyline',
'SelectObject',
'GetTextFaceW',
'GetTextMetricsW',
'CreateFontW',
'GetDeviceCaps',
'DeleteObject',
'GetSaveFileNameW',
'GetOpenFileNameW',
'CommDlgExtendedError',
'ChooseFontW',
'LookupPrivilegeValueW',
'OpenProcessToken',
'SetFileSecurityA',
'SetFileSecurityW',
'GetSecurityDescriptorLength',
'GetFileSecurityA',
'GetFileSecurityW',
'RegCloseKey',
'RegQueryValueExA',
'RegOpenKeyExA',
'IsTextUnicode',
'RegEnumValueW',
'RegSetValueExW',
'RegCreateKeyExW',
'RegDeleteValueW',
'RegEnumKeyExW',
'RegDeleteKeyW',
'RegOpenKeyExW',
'RegQueryValueExW',
'AdjustTokenPrivileges',
'SHGetPathFromIDListW',
'FindExecutableW',
'DragFinish',
'DragQueryFileW',
'DragAcceptFiles',
'Shell_NotifyIconW',
'ShellExecuteW',
'SHGetPathFromIDListA',
'SHGetFileInfoW',
'SHAddToRecentDocs',
'SHFileOperationW',
'ShellExecuteExW',
'SHGetMalloc',
'SHBrowseForFolderW',
'SHChangeNotify',
'SHGetDesktopFolder',
'SHGetSpecialFolderLocation',
'CreateStreamOnHGlobal',
'CoCreateInstance',
'CoTaskMemFree',
'OleInitialize',
'OleUninitialize',
'CoTaskMemAlloc',
'CLSIDFromString',
'OleSetClipboard',
'DoDragDrop',
'CoInitializeEx',
'VariantInit'],
'LinkerVersion': 9,
'NumberOfImportDLL': 11,
'NumberOfImportFunctions': 432,
'NumberOfSections': 6,
'OSVersion': 5,
'ResSize': 210880,
'StackReserveSize': 1048576,
'filename': './data/malware/6daccdfab365667009132e7c938a6dceab09dbf11d9df8678cc7dcfe8abc3973'},
'6dbcb3b1dc7a5dc10a2440241c192039bc0b5fc552ce4997bbb5f927dae816ab': {'AddressOfEntryPoint': 1074380493,
'DebugRVA': 473136,
'DebugSize': 28,
'Dll': 32768,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 471040,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'KERNEL32.dll': 'LCMapStringW',
'SETUPAPI.dll': 'SetupGetSourceFileLocationW',
'SHELL32.dll': 'SHCreateDirectoryExW',
'SHLWAPI.dll': 'SHDeleteKeyW',
'USER32.dll': 'ExitWindowsEx',
'VERSION.dll': 'VerQueryValueW',
'WINTRUST.dll': 'WinVerifyTrust',
'ole32.dll': 'CoTaskMemAlloc'},
'ImportedFunctions': ['SetupIterateCabinetW',
'SetupOpenFileQueue',
'SetupDefaultQueueCallbackW',
'SetupInitDefaultQueueCallbackEx',
'SetupCommitFileQueueW',
'SetupScanFileQueueW',
'SetupGetFileCompressionInfoW',
'SetupDecompressOrCopyFileW',
'SetupDiDestroyDeviceInfoList',
'SetupDiEnumDeviceInfo',
'SetupCopyOEMInfW',
'SetupCloseFileQueue',
'SetupTermDefaultQueueCallback',
'SetupGetBinaryField',
'SetupGetIntField',
'SetupGetStringFieldW',
'SetupGetFieldCount',
'SetupFindNextMatchLineW',
'SetupGetLineTextW',
'SetupGetLineByIndexW',
'SetupFindFirstLineW',
'SetupGetLineCountW',
'SetupOpenInfFileW',
'SetupCloseInfFile',
'CM_Locate_DevNodeW',
'CM_Reenumerate_DevNode',
'CMP_WaitNoPendingInstallEvents',
'SetupDiSetClassInstallParamsW',
'SetupDiCallClassInstaller',
'SetupDiGetDeviceInstallParamsW',
'CM_Get_DevNode_Status',
'SetupDiOpenDevRegKey',
'CM_Get_DevNode_Registry_PropertyW',
'SetupDiGetClassDevsW',
'SetupDiGetDeviceRegistryPropertyW',
'SetupDiSetDeviceRegistryPropertyW',
'SetupGetTargetPathW',
'SetupGetSourceFileLocationW',
'GetFileVersionInfoW',
'GetFileVersionInfoSizeW',
'VerQueryValueW',
'WinVerifyTrust',
'RtlLookupFunctionEntry',
'GetLocaleInfoA',
'GetACP',
'DeleteCriticalSection',
'InitializeCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'RaiseException',
'GetProcessHeap',
'HeapSize',
'SetEnvironmentVariableA',
'CompareStringW',
'CompareStringA',
'CreateFileA',
'SetEndOfFile',
'GetLocaleInfoW',
'GetFileAttributesW',
'ExpandEnvironmentStringsW',
'lstrcpyW',
'lstrcatW',
'CloseHandle',
'GetCurrentProcess',
'GetModuleHandleW',
'GetSystemDirectoryW',
'FreeLibrary',
'GetProcAddress',
'LoadLibraryW',
'GetLastError',
'GetSystemWow64DirectoryW',
'GetCommandLineW',
'FindResourceW',
'SizeofResource',
'LockResource',
'LoadResource',
'FindResourceExW',
'Sleep',
'Module32NextW',
'Module32FirstW',
'CreateToolhelp32Snapshot',
'SetThreadLocale',
'GetThreadLocale',
'CreateFileW',
'DeleteFileW',
'FlushFileBuffers',
'RtlUnwindEx',
'ReadFile',
'SetFilePointer',
'SetErrorMode',
'SetNamedPipeHandleState',
'DuplicateHandle',
'CreatePipe',
'CreateProcessW',
'GetExitCodeProcess',
'WaitForSingleObject',
'GetCurrentProcessId',
'OutputDebugStringW',
'OutputDebugStringA',
'MoveFileExW',
'SetFileAttributesW',
'CopyFileW',
'LocalFree',
'GetModuleHandleA',
'GetStdHandle',
'MoveFileW',
'RemoveDirectoryW',
'MultiByteToWideChar',
'GetVersionExW',
'GetVersionExA',
'GetFullPathNameW',
'GetTempFileNameW',
'GetModuleFileNameW',
'GetWindowsDirectoryW',
'GetCurrentDirectoryW',
'FindClose',
'FindFirstFileW',
'LocalAlloc',
'GetCurrentThread',
'GetUserDefaultLangID',
'WideCharToMultiByte',
'FormatMessageW',
'WriteConsoleW',
'GetConsoleOutputCP',
'WriteConsoleA',
'IsValidLocale',
'EnumSystemLocalesA',
'GetUserDefaultLCID',
'GetStringTypeW',
'RtlPcToFileHeader',
'TerminateProcess',
'HeapReAlloc',
'UnhandledExceptionFilter',
'SetUnhandledExceptionFilter',
'IsDebuggerPresent',
'RtlCaptureContext',
'GetSystemTimeAsFileTime',
'SetStdHandle',
'GetFileType',
'RtlVirtualUnwind',
'FlsGetValue',
'TlsAlloc',
'FlsSetValue',
'TlsFree',
'FlsFree',
'SetLastError',
'GetCurrentThreadId',
'TlsSetValue',
'FlsAlloc',
'ExitProcess',
'GetModuleFileNameA',
'HeapSetInformation',
'HeapCreate',
'GetCPInfo',
'GetOEMCP',
'IsValidCodePage',
'LCMapStringA',
'WriteFile',
'GetStringTypeA',
'LoadLibraryA',
'SetConsoleCtrlHandler',
'GetTickCount',
'QueryPerformanceCounter',
'GetCommandLineA',
'GetEnvironmentStringsW',
'FreeEnvironmentStringsW',
'GetEnvironmentStrings',
'FreeEnvironmentStringsA',
'GetTimeZoneInformation',
'GetTimeFormatA',
'GetDateFormatA',
'GetStartupInfoA',
'SetHandleCount',
'FatalAppExitA',
'GetConsoleMode',
'GetConsoleCP',
'HeapDestroy',
'HeapAlloc',
'HeapFree',
'LCMapStringW',
'GetClassNameW',
'SendMessageTimeoutW',
'GetWindowTextW',
'GetWindowThreadProcessId',
'UnregisterClassA',
'EnumWindows',
'ExitWindowsEx',
'RegOpenKeyExW',
'RegEnumValueW',
'ImpersonateSelf',
'OpenThreadToken',
'AllocateAndInitializeSid',
'InitializeSecurityDescriptor',
'GetLengthSid',
'InitializeAcl',
'AddAccessAllowedAce',
'SetSecurityDescriptorDacl',
'SetSecurityDescriptorGroup',
'SetSecurityDescriptorOwner',
'IsValidSecurityDescriptor',
'AccessCheck',
'RevertToSelf',
'FreeSid',
'RegDeleteKeyW',
'RegCreateKeyExW',
'RegEnumKeyExW',
'RegSetValueExW',
'RegDeleteValueW',
'RegLoadKeyW',
'RegUnLoadKeyW',
'OpenProcessToken',
'LookupPrivilegeValueW',
'AdjustTokenPrivileges',
'RegQueryValueExW',
'RegCloseKey',
'SHGetPathFromIDListW',
'SHBindToParent',
'SHFileOperationW',
'SHGetSpecialFolderPathW',
'SHBrowseForFolderW',
'SHGetMalloc',
'SHSetLocalizedName',
'SHCreateDirectoryExW',
'CoInitializeEx',
'CoUninitialize',
'CoCreateInstance',
'CoInitialize',
'CoTaskMemFree',
'CoTaskMemAlloc',
'SHDeleteKeyW'],
'LinkerVersion': 8,
'NumberOfImportDLL': 9,
'NumberOfImportFunctions': 230,
'NumberOfSections': 5,
'OSVersion': 4,
'ResSize': 992,
'StackReserveSize': 1048576,
'filename': './data/malware/6dbcb3b1dc7a5dc10a2440241c192039bc0b5fc552ce4997bbb5f927dae816ab'},
'6dbcf9b55a03cbbfd3009f53e292cc5975ffb1ad136ed00c725356772f09d4b7': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 119084,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 119296,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/6dbcf9b55a03cbbfd3009f53e292cc5975ffb1ad136ed00c725356772f09d4b7'},
'6dc8848c6775b59b0e17fccc7e89ddb71473fa1472d3fa4044e02a228bfd0968': {'AddressOfEntryPoint': 71560,
'DebugRVA': 25232,
'DebugSize': 28,
'Dll': 0,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 24576,
'ImageBase': 65536,
'ImageVersion': 6,
'ImportedDLL': {'NDIS.SYS': 'NdisDeregisterProtocol',
'ntoskrnl.exe': 'ZwOpenKey'},
'ImportedFunctions': ['KeBugCheckEx',
'_wcsnicmp',
'KeReleaseSpinLockFromDpcLevel',
'KeAcquireSpinLockAtDpcLevel',
'ExpInterlockedPopEntrySList',
'IoReleaseCancelSpinLock',
'KeAcquireSpinLockRaiseToDpc',
'MmLockPagableDataSection',
'ExDeleteNPagedLookasideList',
'IoDeleteDevice',
'ExQueryDepthSList',
'ExpInterlockedPushEntrySList',
'ExAllocatePoolWithTag',
'ExInitializeNPagedLookasideList',
'IofCompleteRequest',
'KeQueryTimeIncrement',
'RtlGUIDFromString',
'RtlInitUnicodeString',
'ExFreePoolWithTag',
'KeReleaseSpinLock',
'MmGetSystemRoutineAddress',
'ZwClose',
'ZwSetSecurityObject',
'IoCreateDevice',
'IoDeviceObjectType',
'ObOpenObjectByPointer',
'_snwprintf',
'RtlLengthSecurityDescriptor',
'SeCaptureSecurityDescriptor',
'RtlGetSaclSecurityDescriptor',
'RtlGetGroupSecurityDescriptor',
'RtlGetDaclSecurityDescriptor',
'wcschr',
'RtlSetDaclSecurityDescriptor',
'RtlAddAccessAllowedAce',
'IoHsWdmVersionAvailable',
'SeExports',
'RtlLengthSid',
'RtlCreateSecurityDescriptor',
'ZwCreateKey',
'ZwSetValueKey',
'RtlFreeUnicodeString',
'ZwQueryValueKey',
'ZwOpenKey',
'NdisAcquireReadWriteLock',
'NdisCmCloseAddressFamilyComplete',
'NdisCmDispatchIncomingCloseCall',
'NdisClCloseCall',
'NdisInitializeTimer',
'NdisClRegisterSap',
'NdisCoGetTapiCallId',
'NdisCmDispatchCallConnected',
'NdisCmDispatchIncomingCall',
'NdisClIncomingCallComplete',
'NdisClMakeCall',
'NdisCoDeleteVc',
'NdisCoCreateVc',
'NdisReleaseReadWriteLock',
'NdisInitializeReadWriteLock',
'NdisReadConfiguration',
'NdisOpenConfigurationKeyByName',
'NdisOpenProtocolConfiguration',
'NdisRegisterProtocol',
'NdisSetTimer',
'NdisCancelTimer',
'NdisClDeregisterSap',
'NdisInitializeEvent',
'NdisWaitEvent',
'NdisSetEvent',
'NdisCmCloseCallComplete',
'NdisOpenAdapter',
'NdisRequest',
'NdisCloseAdapter',
'NdisClOpenAddressFamily',
'NdisCmRegisterAddressFamily',
'NdisClCloseAddressFamily',
'NdisDeregisterProtocol'],
'LinkerVersion': 9,
'NumberOfImportDLL': 2,
'NumberOfImportFunctions': 77,
'NumberOfSections': 9,
'OSVersion': 6,
'ResSize': 1000,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.rdata\x00\x00': 3072,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 1024,
'.text\x00\x00\x00': 17920,
'INIT\x00\x00\x00\x00': 5120,
'PAGE\x00\x00\x00\x00': 6144,
'PAGENDPx': 19456},
'StackReserveSize': 262144,
'filename': './data/malware/6dc8848c6775b59b0e17fccc7e89ddb71473fa1472d3fa4044e02a228bfd0968'},
'6dd17eb2564bc0263516ce985a02b345974dd624152ac9f87225f85ac040dc88': {'AddressOfEntryPoint': 50000,
'DebugRVA': 5440,
'DebugSize': 28,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 4096,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {'ADVAPI32.dll': 'RegCloseKey',
'GDI32.dll': 'GetDeviceCaps',
'KERNEL32.dll': 'CreateProcessA',
'USER32.dll': 'GetSystemMetrics',
'VERSION.dll': 'VerQueryValueA',
'msvcrt.dll': '_initterm'},
'ImportedFunctions': ['OpenProcessToken',
'GetTokenInformation',
'RegSetValueExA',
'EqualSid',
'RegQueryValueExA',
'LookupPrivilegeValueA',
'RegCreateKeyExA',
'RegOpenKeyExA',
'RegQueryInfoKeyA',
'RegDeleteValueA',
'AllocateAndInitializeSid',
'FreeSid',
'AdjustTokenPrivileges',
'RegCloseKey',
'GetCurrentProcess',
'GlobalLock',
'_lclose',
'ExpandEnvironmentStringsA',
'GetWindowsDirectoryA',
'GlobalAlloc',
'GetPrivateProfileIntA',
'GetFileAttributesA',
'IsDBCSLeadByte',
'GetSystemDirectoryA',
'GlobalUnlock',
'GetShortPathNameA',
'CreateDirectoryA',
'FindFirstFileA',
'GetLastError',
'GetProcAddress',
'RemoveDirectoryA',
'SetFileAttributesA',
'GlobalFree',
'FindClose',
'GetPrivateProfileStringA',
'LoadLibraryA',
'LocalAlloc',
'WritePrivateProfileStringA',
'GetModuleFileNameA',
'FindNextFileA',
'CompareStringA',
'_lopen',
'CloseHandle',
'LocalFree',
'DeleteFileA',
'ExitProcess',
'DosDateTimeToFileTime',
'FreeLibrary',
'FindResourceA',
'SetFilePointer',
'FreeResource',
'LoadResource',
'WaitForSingleObject',
'SetEvent',
'GetModuleHandleW',
'FormatMessageA',
'SetFileTime',
'WriteFile',
'GetDriveTypeA',
'GetVolumeInformationA',
'TerminateThread',
'SizeofResource',
'CreateEventA',
'GetExitCodeProcess',
'lstrlenA',
'ReadFile',
'SetCurrentDirectoryA',
'GetTempFileNameA',
'ResetEvent',
'LockResource',
'GetSystemInfo',
'LoadLibraryExA',
'CreateMutexA',
'GetCurrentDirectoryA',
'GetVersionExA',
'GetVersion',
'GetTempPathA',
'CreateThread',
'LocalFileTimeToFileTime',
'Sleep',
'CreateFileA',
'_llseek',
'lstrcmpA',
'GetStartupInfoW',
'OutputDebugStringA',
'RtlVirtualUnwind',
'RtlLookupFunctionEntry',
'RtlCaptureContext',
'SetUnhandledExceptionFilter',
'QueryPerformanceCounter',
'GetTickCount',
'GetCurrentThreadId',
'GetCurrentProcessId',
'GetSystemTimeAsFileTime',
'TerminateProcess',
'UnhandledExceptionFilter',
'EnumResourceLanguagesA',
'MulDiv',
'GetDiskFreeSpaceA',
'CreateProcessA',
'GetDeviceCaps',
'ReleaseDC',
'PeekMessageA',
'MessageBoxA',
'GetDC',
'SendMessageA',
'SetForegroundWindow',
'MsgWaitForMultipleObjects',
'SendDlgItemMessageA',
'GetWindowLongPtrA',
'GetWindowRect',
'SetWindowPos',
'ShowWindow',
'SetWindowLongPtrA',
'DispatchMessageA',
'SetWindowTextA',
'EnableWindow',
'CallWindowProcA',
'DialogBoxIndirectParamA',
'GetDlgItemTextA',
'LoadStringA',
'MessageBeep',
'CharUpperA',
'CharNextA',
'ExitWindowsEx',
'CharPrevA',
'EndDialog',
'GetDesktopWindow',
'SetDlgItemTextA',
'GetDlgItem',
'GetSystemMetrics',
'__set_app_type',
'memcpy',
'memset',
'?terminate@@YAXXZ',
'_fmode',
'_acmdln',
'exit',
'_commode',
'__setusermatherr',
'_amsg_exit',
'_cexit',
'_ismbblead',
'_exit',
'_XcptFilter',
'__C_specific_handler',
'__getmainargs',
'_errno',
'_vsnprintf',
'_initterm',
'GetFileVersionInfoA',
'GetFileVersionInfoSizeA',
'VerQueryValueA'],
'LinkerVersion': 10,
'NumberOfImportDLL': 7,
'NumberOfImportFunctions': 153,
'NumberOfSections': 5,
'OSVersion': 6,
'ResSize': 629992,
'SectionNames': {'.data\x00\x00\x00': 2048,
'.pdata\x00\x00': 1536,
'.reloc\x00\x00': 512,
'.rsrc\x00\x00\x00': 630272,
'.text\x00\x00\x00': 53760},
'StackReserveSize': 524288,
'filename': './data/malware/6dd17eb2564bc0263516ce985a02b345974dd624152ac9f87225f85ac040dc88'},
'6df712028446af021b9ca5090778b3cc0af63616691cdcd50ba94d97df021b60': {'AddressOfEntryPoint': 929792,
'DebugRVA': 400492,
'DebugSize': 56,
'Dll': 33088,
'ExportRVA': 0,
'ExportSize': 0,
'IATRVA': 401408,
'ImageBase': 4294967296,
'ImageVersion': 6,
'ImportedDLL': {},
'ImportedFunctions': [],
'LinkerVersion': 9,
'NumberOfImportDLL': 0,
'NumberOfImportFunctions': 0,
'NumberOfSections': 0,
'OSVersion': 6,
'ResSize': 403352,
'SectionNames': {},
'StackReserveSize': 524288,
'filename': './data/malware/6df712028446af021b9ca5090778b3cc0af63616691cdcd50ba94d97df021b60'},
'6edfe6ef35a7f7908e6a887b054b5aa697f00d1537a332675e6218ffd7a02071': {'AddressOfEntryPoint': 52864,
'DebugRVA': 91472,
'DebugSize': 28,
'Dll': 33024,
'ExportRVA': 100176,
'ExportSize': 51,
'IATRVA': 90112,
'ImageBase': 5368709120,
'ImageVersion': 0,
'ImportedDLL': {'ADVAPI32.dll': 'AdjustTokenPrivileges',
'COMDLG32.dll': 'GetSaveFileNameA',
'GDI32.dll': 'DeleteDC',
'KERNEL32.dll': 'lstrcmpiA',
'OLEAUT32.dll': 'VariantInit',
'SHELL32.dll': 'SHChangeNotify',
'USER32.dll': 'GetMessageA',
'ole32.dll': 'CLSIDFromString'},
'ImportedFunctions': ['DeleteFileA',
'DeleteFileW',
'CreateDirectoryA',
'CreateDirectoryW',
'FindClose',
'FindNextFileA',
'FindFirstFileA',
'FindNextFileW',
'FindFirstFileW',
'GetTickCount',
'WideCharToMultiByte',
'MultiByteToWideChar',
'GetVersionExA',
'GlobalAlloc',
'lstrlenA',
'GetModuleFileNameA',
'FindResourceA',
'GetModuleHandleA',
'HeapAlloc',
'GetProcessHeap',
'HeapFree',
'HeapReAlloc',
'CompareStringA',
'ExitProcess',
'GetLocaleInfoA',
'GetNumberFormatA',
'GetProcAddress',
'DosDateTimeToFileTime',
'GetDateFormatA',
'GetTimeFormatA',
'FileTimeToSystemTime',
'FileTimeToLocalFileTime',
'ExpandEnvironmentStringsA',
'WaitForSingleObject',
'SetCurrentDirectoryA',
'Sleep',
'GetTempPathA',
'MoveFileExA',
'GetModuleFileNameW',
'SetEnvironmentVariableA',
'GetCommandLineA',
'LocalFileTimeToFileTime',
'SystemTimeToFileTime',
'GetSystemTime',
'IsDBCSLeadByte',
'GetCPInfo',
'FreeLibrary',
'LoadLibraryA',
'GetCurrentDirectoryA',
'GetFullPathNameA',
'SetFileAttributesW'